We have a number of laptop users that connect directly to their laptop and not via a docking station.
When these users move to a meeting room or another location within the building (same switch stack), the new port error-disables as the MAC of the laptop is still stuck on the original switchport. When I issue
#clear port-security all
#clear mac address-table dynamic
the MAC remains stuck to the original port. Only when I shut the port, issue the commands, then no shut the port will it clear. Not even a simple shut/no shut removes the MAC.
Settings on source and destination switchports are the same.
No sticky on the ports... for those that ask.
Any ideas? Users are moving into conference/meeting rooms and being stuck with an error-disabled port due to a duplicate MAC address.
Normal Psecure Violation caused by seeing the MAC in two locations.
14:22:16.567 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0023.18d1.1d82 on port FastEthernet6/0/12.
Port config (QoS stuff is from Auto QoS and not added manually):
switchport access vlan 130
switchport mode access
switchport voice vlan 508
switchport port-security maximum 3
srr-queue bandwidth share 10 10 60 20
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
service-policy input AutoQoS-Police-CiscoPhone
Depending on business rules there can be a few options.
Disable port security in the conference room.
Set port security aging on the ports; after a set amount of time the MAC address is released if the port is not in use.
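The aging option suggested above, written out as an added example that is not part of the original thread: it shows the default the poster reports (aging time 0) beside a port with inactivity aging enabled. The interface name is a placeholder and the 2-minute timer is a constructed value; the `switchport port-security` enable line is assumed to be present although the posted config does not show it.

```cisco
! Added example, not configuration from the thread.
! <original-user-port> is a placeholder; the 2-minute timer is a constructed
! value to be set according to local policy.
!
! Before: port security with aging left at its default.
! An aging time of 0 means aging is disabled for the port, so a dynamically
! learned secure MAC is not aged out.
interface <original-user-port>
 switchport access vlan 130
 switchport mode access
 switchport voice vlan 508
 switchport port-security
 switchport port-security maximum 3
!
! After: the same port with inactivity aging. A learned secure MAC is removed
! once no traffic has been seen from it for the configured number of minutes,
! even though the link to the phone stays up.
interface <original-user-port>
 switchport access vlan 130
 switchport mode access
 switchport voice vlan 508
 switchport port-security
 switchport port-security maximum 3
 switchport port-security aging time 2
 switchport port-security aging type inactivity
!
! Verify from privileged EXEC (aging time/type and remaining age per address):
!   show port-security interface <original-user-port>
!   show port-security address
```

With `aging type absolute` the address would instead be removed when the timer expires regardless of traffic, so an active device is re-learned at each expiry.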
Business will specify that Port-Security is needed.
Thanks, I'll take a look at the link, although current aging time is 0... does this mean it doesn't apply or just that it is aged out immediately?
I neglected that one
I see one MAC for the phone and another for the Laptop. As the phone is not unplugged I can't assume this would stick if unplugged too.
This is likely to be the source of your problem. Since the link to the phone remains up, port security will assume that the device is still present on that port.
If mobility between IP phones is highly desirable you may want to consider disabling port security for these ports.
Hmm... Surely that shouldn't be the case?
I should say I have seen users elsewhere on our campus do the same with no issues, i.e. 3560 switches are fine with this operation.