Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2740
Views
0
Helpful
3
Replies

Cisco 2960X Port Security and Static MAC addresses

Go to solution
DTC_
Level 1
Level 1

‎02-18-2020 02:03 PM

Hello,

I'm having trouble understanding why I'm seeing so many static MAC address entries in my MAC table, when I have none configured on the interfaces themselves. I believe it is related to port security, but I'm unsure which aspect of the configuration is creating the static entries.

Port Configuration:

switchport access vlan 100
switchport mode access
switchport voice vlan 200
switchport port-security maximum 10
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security
priority-queue out
mls qos trust dscp
spanning-tree portfast edge
spanning-tree bpduguard enable

 

Output of show mac ad on the interface:

sh mac ad int gi1/0/20
Mac Address Table
-------------------------------------------

Vlan Mac Address      Type        Ports
---- ----------- -------- -----

200 0800.0fbb.85ee STATIC Gi1/0/20

 

Output of "show port-security address":


Vlan Mac Address Type Ports                   Remaining Age
(mins)
---- ----------- ---- ----- -------------
200 0800.0fbb.85ee SecureDynamic Gi1/0/20 1

 

Why is it that port-security address shows it as a Secure Dynamic entry, yet the switches mac address table shows it as a static mac address? The switch is on SW Version 15.2(6)E2 . Any insight is appreciated.

 

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to DTC_

‎02-19-2020 03:33 PM

I have provided for both, so you can use what is purpose. yes 10 MAC address allowed as per the config.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎02-18-2020 02:35 PM

switchport port-security maximum 10  - the maximum number of secure MAC addresses on a port you set for 10MAC.

 

The port always learning as Dynamic.

 

Switch learns this address dynamically but it is showing as STATIC. This is the magic of sticky option, which we used with port security command. Sticky option automatically converts dynamically learned address in static address.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
DTC_
Level 1
Level 1
In response to balaji.bandi

‎02-19-2020 07:06 AM

Okay so the maximum 10 command implies the port has the stick option enabled? I was under the impression the sticky MAC learning was it's own line of configuration

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to DTC_

‎02-19-2020 03:33 PM

I have provided for both, so you can use what is purpose. yes 10 MAC address allowed as per the config.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents