Showing results for 
Search instead for 
Did you mean: 

MAC address table - Sudden static entries

Hi, I had an interesting issue with some catalyst switches:

The models are a 2960 (24x10/100/1000 + PoE ports) and a 3560 (24x10/100/1000).

Suddenly, several static entries apeared in the MAC address table, linked to Gigabit Ethernet Ports, the MACs were from real PCs working in the room.

As far as I know (but I must be wrong in this point) this should be possible only through manual configuration "Switch (config)# mac address-table static...". However, after typing either "show running-config" or "show startup-config" there is not a single line adding static MAC addresses to the switch.

This was causing the problem that some laptops were not able to receive traffic, since their MAC addresses were statically learned on other ports.

The solution (so far) was issuing the "no mac address-table static..." command so it is all god by now.

Question: What could be another way for the switch to learn static MAC addresses without having them in any config file (run or start)? May be through a flash or NVRAM file such as the vlan.dat? How to prevent this from happening again in the future?

Thanks in advanced.

1 Reply 1

Matthew Franks
Cisco Employee
Cisco Employee


Do you have any port security enabled?  If you do, the dynamically learned, secure mac addresses for a secure port will be listed as static in the mac address table and won't age out until the switch reloads or if you configure a specific aging time. 

This can be fixed by enabling port-security aging times.  Follow this link to see the step-by-step configuration:

What you're looking for is in the Enabling and Configuring Port Security Aging section near the end.


Hope this helps.