cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
453
Views
2
Helpful
2
Replies

Port-security not work as expected on 2960X

dragonhunt9111
Level 1
Level 1

Hello friends,
I got a problem when using

port-security

on switch 2960X, IOS ver 15.2
My port is gi2/0/6. it is being shutdowned.

Then I plug a printer to it, and config gi2/0/6 as below, and no shutdown it

dragonhunt9111_0-1700448858605.png

then it go to err-disabled state, I shutdown, no shut, but still err-disabled again. Although no sticky command is used.

dragonhunt9111_1-1700448920889.png

 

Only when I remove command

port-security and port-security maximum

it goes up.
Put

port-security

again, it goes to err-disabled.

dragonhunt9111_0-1700449366457.png

 

dragonhunt9111_1-1700449394983.png

 

As theory, when we plug device to port switch (without sticky mac command), if it go err-disabled, we only need shutdown then no shut.

Please help to explain my case.

Thanks you!!

1 Accepted Solution

Accepted Solutions

Hello,

Has this printer been moved from a sticky port to this current port? If that's the case it could be a reason for your issue. If that printer was plugged into a port that had sticky-mac configured then that port is holding on to that MAC address son that port. So when it sees the printer on another port you plug it into it will immediately shut it back down because it already has it in its CAM table on another port from the sticky configuration on the original port.

Does it give you an error of why its being err-disabled?

 

-David

View solution in original post

2 Replies 2

Hello,

Has this printer been moved from a sticky port to this current port? If that's the case it could be a reason for your issue. If that printer was plugged into a port that had sticky-mac configured then that port is holding on to that MAC address son that port. So when it sees the printer on another port you plug it into it will immediately shut it back down because it already has it in its CAM table on another port from the sticky configuration on the original port.

Does it give you an error of why its being err-disabled?

 

-David

thank David, it is true root cause. I forgot this,

many thank you

Review Cisco Networking for a $25 gift card