Port Security Sticky Addresses

mainesy
Level 1

Does anyone know if there is a way to automatically clear the mac address on a switchport that has port security sticky addressing enabled? I have the following configured on the port(s):

switchport mode access

switchport port-security

switchport port-security aging time 1

switchport port-security aging type inactivity

switchport port-security mac-address sticky

spanning-tree portfast

I can't get it to release the sticky mac-address after the minute of inactivity. As soon as I try to connect another device to the port after the required inactivity, the port goes into an err-disabled state because it still sees the mac of the old device. Any help is appreciated. This is on a Catalyst 2950G switch.

Josh

4 Replies

david.bradley
Level 1

I guess the, 'clear mac-address secure interface #/#', doesn't work?

Hi,

Shut the port and then give the command "clear port-security sticky interface-id" and this would clear the sticky mac-address.

Then enable the port and then plug in a different mac-address and then it would not give any security violation.

Do let me know the results

thanks

Thanks for the reply. I was actually looking for it to do it dynamically. Thanks for the reply though.

It is not possible to age out sticky entries. With sticky entries, they are added to the running config. So the only way to remove it is through editing the running config... If you enter the "no switchport port-security mac-address sticky" interface command, then the mac addresses will be learned dynamically, and will be aged out after 1 minute of inactivity, per your config ...
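
An added example, not part of the thread and not Cisco tooling: a small Python check that reads a saved running-config and flags interfaces where an aging timer is configured alongside sticky learning, the combination the last reply says will never age out. The function name `audit_sticky_aging` and the sample config are constructed for illustration.

```python
import re

# Constructed running-config excerpt for illustration (not from a real switch).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security aging time 1
 switchport port-security aging type inactivity
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security aging time 1
 switchport port-security aging type inactivity
!
"""

# A learned sticky entry is written to the running config with its MAC appended.
STICKY_MAC = re.compile(r"^switchport port-security mac-address sticky (\S+)")


def audit_sticky_aging(config_text):
    """Return {interface: [sticky MACs]} for ports with sticky learning and aging both set."""
    ports, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            ports[current] = {"sticky": False, "aging": False, "macs": []}
        elif current and raw.startswith(" "):
            line, info = raw.strip(), ports[current]
            m = STICKY_MAC.match(line)
            if m:
                info["macs"].append(m.group(1))
            elif line == "switchport port-security mac-address sticky":
                info["sticky"] = True
            elif line.startswith("switchport port-security aging time"):
                info["aging"] = True
        else:
            current = None  # "!" or a global line ends the interface block
    return {n: p["macs"] for n, p in ports.items() if p["sticky"] and p["aging"]}


if __name__ == "__main__":
    for name, macs in audit_sticky_aging(SAMPLE_CONFIG).items():
        print(f"{name}: aging is set but sticky entries {macs} will not age out")
```

Ports it reports are the ones where a device swap will trip a violation until the sticky entry is cleared or sticky learning is removed, as described in the replies above.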