Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1314
Views
0
Helpful
7
Replies

3750X port goes into err-disabled due to reaching mac-address limit but the show mac address-table is not showing enough mac addresses to reach this limit

CODNetadmin
Level 1
Level 1

‎07-09-2017 07:10 PM - edited ‎03-08-2019 11:15 AM

Hi Everyone,

Our 3750X port goes into err-disabled due to reaching mac-address limit but the show mac address-table is not showing enough mac addresses to reach this limit. Meaning, for example the port-security limit is set to 10, and the show mac table only lists 3 mac-addresses, the err-disabled due to port-security is still triggered. This is being resolved by shutting/no-shutting the port several times. Any feedback or having the same experience will be much appreciated. Our device is 48-PF-L and version is universalk9 SE5.

Thanks!

Labels:
0 Helpful
7 Replies 7

Georg Pauwen
VIP
VIP

‎07-10-2017 12:02 AM

Hello,

that sounds like a bug...but I could not find one that matches your description. Which template are you running (show sdm prefer) ?

You can obviously circumvent the problem by configuring:

switchport port-security violation protect | restrict

which will keep the port from going into err-disable, not sure if that complies with your security policy though...

0 Helpful

dperezoquendo
Level 1
Level 1

‎07-11-2017 11:57 AM

Hello,

Did you verify that none of the 3 listed mac-addresses are sticky'd on another interface? That would be another cause of tripping port-security.

0 Helpful

CODNetadmin
Level 1
Level 1
In response to dperezoquendo

‎07-16-2017 09:19 PM

Hi dperezoquendo,

We are not using sticky.

Thanks!

0 Helpful

paul driver
VIP
VIP

‎07-11-2017 01:52 PM

Hello
Is this occurring on just one port? -

1) clear port-security configured interface x/x
2) default that interlace and shut it down,Then re-configure it without PS and check the mac table for that interface.
3) re-apply PS and  also enable error recovery.


Please share
sh port-security interface x/x

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

CODNetadmin
Level 1
Level 1
In response to paul driver

‎07-16-2017 08:53 PM

Hi Paul,

This is appearing on multiple random ports.

We have done all those. We don't want a workaround, we want a solution to this problem. I'm looking into upgrading, but i've never seen a bug similar to this.

Thanks!

0 Helpful

Georg Pauwen
VIP
VIP
In response to CODNetadmin

‎07-17-2017 12:56 AM

Hello,

is your 3750X a standalone or stacked switch ? Either way, try and change the aging values, e.g.:

switchport port-security aging time 4

switchport port-security aging type inactivity

0 Helpful

paul driver
VIP
VIP
In response to CODNetadmin

‎07-17-2017 07:46 AM

Hello

if that's the case and error recovery doesn't work either I would suggest I iOS upgrade to see if that resolves the issue

what kind of hosts are connected?

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card