Solved: How to view active MAC address only on a port

etiennelacombe · ‎02-16-2016

I have a port on a switch configured with port-security and sticky option.

interface FastEthernet0/18
...
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 78e7.d1b4.8e14
 switchport port-security mac-address sticky 0060.b955.c003 vlan voice
...
end

The IP phone is no longer connected to this port. If show the MAC addresses on the port, both addresses are shown.

#show mac address-table int fa0/18
 Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
 491 0060.b955.c003 STATIC Fa0/18
 413 78e7.d1b4.8e14 STATIC Fa0/18
Total Mac Addresses for this criterion: 2

How can I view only the active MAC address, not including sticky addresses no longer there? show mac address-table dynamic does not show the one still there.

InayathUlla Sharieff · ‎02-17-2016

In my opinion as you have configured sticky both the mac address would be seen.

Some explanation:-=

================

When you configure sticky secure MAC addresses by using the switchport port-security mac-address sticky mac-address interface configuration command, these addresses are added to the address table and the running configuration. If port security is disabled, the sticky secure MAC addresses remain in the running configuration.

f you save the sticky secure MAC addresses in the configuration file, when the switch restarts or the interface shuts down, the interface does not need to relearn these addresses. If you do not save the sticky secure addresses, they are lost. If sticky learning is disabled, the sticky secure MAC addresses are converted to dynamic secure addresses and are removed from the running configuration.

If you disable sticky learning and enter the switchport port-security mac-address sticky mac-address interface configuration command, an error message appears, and the sticky secure MAC address is not added to the running configuration.

HTH

Regards

Inayath.

View solution in original post

InayathUlla Sharieff · ‎02-17-2016

In my opinion as you have configured sticky both the mac address would be seen.

Some explanation:-=

================

When you configure sticky secure MAC addresses by using the switchport port-security mac-address sticky mac-address interface configuration command, these addresses are added to the address table and the running configuration. If port security is disabled, the sticky secure MAC addresses remain in the running configuration.

f you save the sticky secure MAC addresses in the configuration file, when the switch restarts or the interface shuts down, the interface does not need to relearn these addresses. If you do not save the sticky secure addresses, they are lost. If sticky learning is disabled, the sticky secure MAC addresses are converted to dynamic secure addresses and are removed from the running configuration.

If you disable sticky learning and enter the switchport port-security mac-address sticky mac-address interface configuration command, an error message appears, and the sticky secure MAC address is not added to the running configuration.

HTH

Regards

Inayath.

etiennelacombe · ‎02-17-2016

Thanks.

It's a shame that through SNMP, one can get the "active" MAC addresses regardless of sticky, but through the CLI, one can't.

Alexey Prilutskiy · ‎02-17-2016

I fully agree with InayathUlla Sharieff.

When you configure mac port security with sticky mac the switch adds it staticaly to the CAM table.