03-06-2019 09:50 AM - edited 03-06-2019 09:50 AM
Is there a way to find a sticky MAC on a different switch from the router/core? I realize port security does not span switches. I was looking for a way to find a sticky MAC on a switch from the core that has been aged out of the MAC address table. Some of our switches can be 10 deep off the core.
Thanks
Danny
03-06-2019 09:59 AM
Danny,
There is no way of finding that out by looking at the output on the core switch. As you have correctly stated, the information about MAC address security is not communicated between switches in any way. Would you mind saying why you need that? Maybe there is an alternative way of achieving what you need.
03-06-2019 10:08 AM
Thanks Sergey,
Sometimes our technicians will move computers and only supply us with the MAC address. We need to track down the MAC, clear it off the old port, and move the port to a dead VLAN. I would like to create a script to do this; however, I do not want the script to log into all the switches if possible.
03-07-2019 04:46 AM
OK, you can possibly do something like this:
Log in to the core switch and find which port the specific MAC is found on. Then check the CDP neighbour table and identify what switch you have on that port. It then becomes the next switch you log in to. You repeat the MAC address check and also test if it has a line of configuration matching that MAC. If it does, then it is the switch that has the sticky configuration and you clear it up. If not, you determine the CDP neighbour and repeat the previous steps.
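The hop-by-hop walk described in the reply above, sketched in Python as an added example (not code from any poster in this thread). The `run` helper, the switch names and all CLI output are constructed stand-ins for real SSH sessions, and it assumes each CDP Device ID is a name the script can log in to.

```python
import re

MAC = "0011.2233.4455"  # constructed address
MAC_CMD = "show mac address-table address {}"
CDP_CMD = "show cdp neighbors {} detail"
CFG_CMD = "show running-config | include {}"

# Constructed CLI output for a three-switch chain, keyed by (switch, command).
SAMPLE = {
    ("core", MAC_CMD.format(MAC)): "  10    0011.2233.4455    DYNAMIC     Gi1/0/24\n",
    ("core", CDP_CMD.format("Gi1/0/24")): "Device ID: dist-sw1\n",
    ("dist-sw1", MAC_CMD.format(MAC)): "  10    0011.2233.4455    DYNAMIC     Gi0/5\n",
    ("dist-sw1", CDP_CMD.format("Gi0/5")): "Device ID: access-sw7\n",
    ("access-sw7", MAC_CMD.format(MAC)): "  10    0011.2233.4455    STATIC      Gi0/12\n",
    ("access-sw7", CFG_CMD.format(MAC)):
        " switchport port-security mac-address sticky 0011.2233.4455\n",
}

def run(switch, command):
    """Hypothetical stand-in for an SSH session; returns canned output."""
    return SAMPLE.get((switch, command), "")

def trace_sticky_mac(start, mac, run=run, max_hops=12):
    """Walk from `start` toward the MAC; return (switch, port, path)."""
    switch, path = start, []
    sticky = re.compile(rf"port-security mac-address sticky {re.escape(mac)}", re.I)
    row = re.compile(rf"{re.escape(mac)}\s+\S+\s+(\S+)", re.I)
    for _ in range(max_hops):
        if switch in path:          # CDP pointed back at a visited switch
            break
        path.append(switch)
        hit = row.search(run(switch, MAC_CMD.format(mac)))
        port = hit.group(1) if hit else None
        if sticky.search(run(switch, CFG_CMD.format(mac))):
            return switch, port, path   # this switch holds the sticky line
        if port is None:            # MAC aged out here, the trail ends
            break
        nbr = re.search(r"Device ID:\s*(\S+)", run(switch, CDP_CMD.format(port)))
        if not nbr:                 # edge port, no downstream switch
            break
        switch = nbr.group(1)       # assumes Device ID is a loginable name
    return None, None, path

if __name__ == "__main__":
    print(trace_sticky_mac("core", MAC))
```

When the MAC has already aged out on a hop, the function returns `(None, None, path)`; the path shows how far the trail could be followed before it was lost.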
08-24-2022 12:27 PM
Hi Danny,
Maybe the #show port-security address | inc <MAC-ADDRESS> command could be helpful for your situation; only apply it on each switch where you want to discard the presence of the MAC.
Regards