Sticky Port problem

I have noticed something strange when I configure port-security on my
"SWITCH1". When I configure a sticky MAC address everything seems to
work as it should, i.e. when I plug another device into the port I
cannot get a connection, but when I do a show port-security for the
interface it says "Port status : SecureUp" and the violation count does
not increment. Also, when I unplug a cable I still see "Port status :
SecureUp", which is contrary to what I see on my other switch & what I
would expect. One thing I have noticed is that it seems I deleted the
entire contents of the MAC address table at some point, as I am seeing
no CPU entries, whereas on my other identical switch (2950) I see the
below listed in the MAC table (see both SWITCH1 & SWITCH2). Could this
be causing the problem & if so how do I get them back? Also, out of
curiosity, what are they used for?

I have tried to enter the values manually but IOS doesn't allow it. I
have also wiped the switch & copied over a backed-up startup-config &
vlan.dat, but the MAC entries are still missing. Maybe this is not the
cause of the port-security problem, so any suggestions on both problems
would be appreciated.

TIA, Jason

SWITCH1#show mac-address-table
          Mac Address Table
------------------------------------------

Vlan    Mac Address       Type       Ports
----    -----------       ----       -----
   1    0004.274c.9ca0    DYNAMIC    Fa0/1
   1    0040.63d8.ba0a    STATIC     Fa0/12
   1    0040.63d8.bab8    DYNAMIC    Fa0/4
  10    0004.274c.9ca0    DYNAMIC    Fa0/1
Total Mac Addresses for this criterion: 4


SWITCH2#show mac-address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    000d.28f3.1680    STATIC      CPU
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0100.0cdd.dddd    STATIC      CPU
   1    0004.274c.9ca0    DYNAMIC     Fa0/1
   1    000a.f4cb.dcc2    DYNAMIC     Fa0/1
   1    0040.63d8.ba0a    STATIC      Fa0/11
   1    0040.63d8.bab8    DYNAMIC     Fa0/1
   2    000a.f4cb.dcc2    DYNAMIC     Fa0/1
   3    000a.f4cb.dcc2    DYNAMIC     Fa0/1
  10    000a.f4cb.dcc2    DYNAMIC     Fa0/1
Total Mac Addresses for this criterion: 11



SWITCH1#show version
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(11)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 28-Aug-02 10:25 by antonino
Image text-base: 0x80010000, data-base: 0x80528000

ROM: Bootstrap program is CALHOUN boot loader

SWITCH1 uptime is 18 minutes
System returned to ROM by power-on
System image file is "flash:/c2950-i6q4l2-mz.121-11.EA1.bin"

cisco WS-C2950-12 (RC32300) processor (revision G0) with 20402K bytes of memory.
Processor board ID FOC0638Y10G
Last reset from system-reset
Running Standard Image
12 FastEthernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0A:F4:CB:DC:C0
Motherboard assembly number: 73-5782-11
Power supply part number: 34-0965-01
Motherboard serial number: FOC06380C9A
Power supply serial number: PHI06350618
Model revision number: G0
Motherboard revision number: A0
Model number: WS-C2950-12
System serial number: FOC0638Y10G
Configuration register is 0xF


hostname SWITCH1
!
enable secret 5
enable password 7
!
username Jason password 7
clock timezone GMT 0
ip subnet-zero
no ip domain-lookup
ip host groucho 192.168.1.100
!
spanning-tree extend system-id
!
!
interface FastEthernet0/1
 description LINK TO GROUCHO
 switchport mode trunk
 no ip address
 duplex full
 speed 10
!
interface FastEthernet0/2
 description LINK TO SWITCH2
 switchport mode trunk
 no ip address
!
interface FastEthernet0/3
 description LINK TO SWITCH2
 switchport mode trunk
 no ip address
!
interface FastEthernet0/4
 description LINK TO MY PC
 switchport mode access
 no ip address
!
interface FastEthernet0/5
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/6
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/7
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/8
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/9
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/10
 switchport access vlan 10
 switchport mode access
 no ip address
!
interface FastEthernet0/11
 switchport mode access
 no ip address
!
interface FastEthernet0/12
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0040.63d8.ba0a
 no ip address
!
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.1.100
ip http server
!
!
line con 0
 exec-timeout 0 0
 login local
line vty 0 4
 exec-timeout 0 0
 password 7
 login local
line vty 5 15
 exec-timeout 0 0
 password 7
 login local
!
end

SWITCH1#show mac
SWITCH1#show mac-
SWITCH1#show mac-address-table
          Mac Address Table
------------------------------------------

Vlan    Mac Address       Type       Ports
----    -----------       ----       -----
   1    0004.274c.9ca0    DYNAMIC    Fa0/1
   1    0040.63d8.ba0a    STATIC     Fa0/12
   1    0040.63d8.bab8    DYNAMIC    Fa0/4
  10    0004.274c.9ca0    DYNAMIC    Fa0/1
Total Mac Addresses for this criterion: 4
SWITCH1#show port
SWITCH1#show port-security
Secure Port      MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                    (Count)        (Count)      (Count)
-------------------------------------------------------------------------------
     Fa0/12          1               1             0              Shutdown
-------------------------------------------------------------------------------
Total Addresses in System : 1
Max Addresses limit in System : 1024

SWITCH1#show port
SWITCH1#show port-security interf
SWITCH1#show port-security interface fa0/12
Port Security : Enabled
Port status : SecureUp
Violation mode : Shutdown
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Aging time : 0 mins
Aging type : Absolute
SecureStatic address aging : Disabled
Security Violation count : 0

Re: Sticky Port problem


For anyone who is interested I have solved the mystery of the missing MAC
address table entries & strange switch behavior. It seems that the switches
were running different versions of IOS.

SWITCH1 was running version:

c2950-i6q4l2-mz.121-11.EA1.bin

with SWITCH2 running version

c2950-i6q4l2-mz.121-13.EA1.bin

Once I copied the IOS from SWITCH2 to SWITCH1 everything started working
correctly & the MAC address tables matched. I think the MAC address table
in SWITCH1 was always missing the CPU entries but I only noticed when
compared to SWITCH2, and I wrongly assumed that I had somehow deleted them
- it's all part of the learning curve I suppose.

Jason.
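
The comparison that resolved this thread (different IOS images, CPU entries present on only one switch) can be scripted. The following Python is an added example, not part of the original posts: the function names are hypothetical, the sample text is constructed and abbreviated from the outputs quoted above, SWITCH2's "show version" line is constructed around the image name given in the follow-up, and treating a unicast CPU entry as the switch's own address is an assumption.

```python
import re

# Constructed samples, abbreviated from the outputs quoted in the thread.
SWITCH1_MAC = """\
   1    0004.274c.9ca0    DYNAMIC    Fa0/1
   1    0040.63d8.ba0a    STATIC     Fa0/12
"""
SWITCH2_MAC = """\
 All    000d.28f3.1680    STATIC      CPU
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
   1    0004.274c.9ca0    DYNAMIC     Fa0/1
"""
SWITCH1_VER = 'System image file is "flash:/c2950-i6q4l2-mz.121-11.EA1.bin"'
# Constructed line: SWITCH2's "show version" output is not in the thread.
SWITCH2_VER = 'System image file is "flash:/c2950-i6q4l2-mz.121-13.EA1.bin"'

ROW = re.compile(r"^\s*(All|\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def parse_mac_table(text):
    """Return {(vlan, mac, type, port)} from 'show mac-address-table' output."""
    rows = set()
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header, separator and total lines do not match and are skipped
            vlan, mac, typ, port = m.groups()
            rows.add((vlan, mac.lower(), typ.upper(), port))
    return rows

def cpu_entries(rows):
    return {mac for _vlan, mac, _typ, port in rows if port == "CPU"}

def image_file(show_version):
    # Capture the file name only, dropping a leading "flash:/" style prefix.
    m = re.search(r'System image file is "(?:[^":]+:/?)?([^"]+)"', show_version)
    return m.group(1) if m else None

def compare(name_a, mac_a, ver_a, name_b, mac_b, ver_b):
    """List differences suggesting two 'identical' switches are not identical."""
    findings = []
    img_a, img_b = image_file(ver_a), image_file(ver_b)
    if img_a != img_b:
        findings.append(f"image mismatch: {name_a}={img_a} {name_b}={img_b}")
    missing = cpu_entries(parse_mac_table(mac_b)) - cpu_entries(parse_mac_table(mac_a))
    # Assumption: a unicast CPU entry is the peer's own MAC, so only group
    # (multicast) addresses are expected to appear on both switches.
    for mac in sorted(m for m in missing if int(m[:2], 16) & 1):
        findings.append(f"{name_a} lacks CPU entry {mac} seen on {name_b}")
    return findings

if __name__ == "__main__":
    print(*compare("SWITCH1", SWITCH1_MAC, SWITCH1_VER,
                   "SWITCH2", SWITCH2_MAC, SWITCH2_VER), sep="\n")
```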
