port security 2960

jack samuel
Level 1

Hello,

Below is the configuration for the port security. I have specified a maximum of 10, but when I connect 2 PCs it goes into violation mode. Also, the MAC address is shown as static and not dynamic. Why is that so?

When I apply the mac-address sticky command, the same happens: the 2nd PC goes into violation mode.

interface GigabitEthernet2/0/14
 switchport access vlan 41
 switchport mode access
 switchport voice vlan 40
 switchport port-security maximum 10
 switchport port-security violation restrict
 switchport port-security
 storm-control broadcast level 20.00
 storm-control multicast level 20.00
 spanning-tree portfast
 spanning-tree bpduguard enable

sh mac address-table address a048.1c91.9310
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  41    a048.1c91.9310    STATIC      Gi2/0/14
Total Mac Addresses for this criterion: 1

#sh mac address-table address bc16.f517.ca37
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  40    bc16.f517.ca37    STATIC      Gi2/0/14

5 Replies

TomasHunca
Level 1

Hello,

Could you please share the output of the following?

show port-security int Gig2/0/14

show run | inc mac

We have very similar port-security settings on our switches and it's working fine. I've checked one of the ports and it's also showing "STATIC" for dynamically learned MAC addresses.

Dear,

Below is the output

I have made a slight change by applying the command mac-address sticky. I have a laptop connected in VLAN 30 on switch A. I removed the MAC from the running configuration of the port before connecting it to switch B in VLAN 40. Once I connect it to port Gig 2/0/14 on switch B, the laptop goes into violation mode. I have checked for the MAC of the laptop on each and every switch in the corporate network and it is not present, so why is it going into violation mode?

thanks

# sh port-security interface gig2/0/14
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Restrict
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 10
Total MAC Addresses        : 2
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 2
Last Source Address:Vlan   : bc16.f517.ca37:40
Security Violation Count   : 0

interface GigabitEthernet2/0/4
 switchport access vlan 41
 switchport mode access
 switchport voice vlan 40
 switchport port-security maximum 10
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 000f.fe87.204e
 switchport port-security
 storm-control broadcast level 20.00
 storm-control multicast level 20.00
 spanning-tree portfast
 spanning-tree bpduguard enable
end

sh mac address-table address 68b5.99eb.2e68
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

Jan 28 16:11:39.567: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 68b5.99eb.2e68 on port GigabitEthernet2/0/14

Hello Jack,

The "1FS1# sh port-security interface gig2/0/14" output looks fine (secure-up, security violation count = 0). Could you also do the same when the violation occurs? What is this MAC address, 68b5.99eb.2e68? It is not the same as on Gig2/0/4.

There is no interaction between switchports with the port-security feature, you can have the same MAC addresses saved (e.g. using the "sticky" keyword) for all the ports and still one port will not trigger any action on another one.

I am just thinking, if the configuration of "switch A" is working as expected, you can easily compare it with "switch B" to find any extra features that can be causing this.

Tom

Dear Tomas,

No, I have tested this.

 What is this MAC address - 68b5.99eb.2e68? It is not the same as on Gig2/0/4.

This is the PC which is restricted once it is connected to port gig2/0/14. I don't know why.

But I have tested the below.

If a PC on switch A is connected with MAC sticky, and we remove that PC and connect it to switch B, the port will go into the violation state.

thanks

Hello Jack,

Sorry for a late response, I was away for a while. Did you manage to solve it yet? If not, let's check what is the output of "show port-security interface Gig2/0/14" and "show mac address-table | inc 2/0/14" when the violation happens. The configuration is very simple, so the solution should be as well.

Thanks!

Tom
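The thread ends with a request for "show port-security interface" and "show mac address-table" output captured at the moment of the violation. Below is an added triage script (not posted by anyone in the thread) that parses those two outputs plus the %PORT_SECURITY-2-PSECURE_VIOLATION syslog line and runs the checks a practitioner would make before blaming the port config: whether the secure-address table is already at its maximum, and whether the violating MAC is already secured on a different port of the same switch in the same VLAN, which the Catalyst port-security documentation lists as a violation condition. The "show port-security interface" sample and the syslog line are copied from the thread; the MAC table is constructed and contains a hypothetical third row placing 68b5.99eb.2e68 on Gi2/0/4, which the thread never shows, purely to exercise the check.

```python
"""Port-security violation triage. Added example, not code from the thread."""
import re
from typing import Dict, List, Optional, Tuple

# 'show port-security interface' output as posted in the thread.
PSEC_INTERFACE = """\
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Restrict
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 10
Total MAC Addresses        : 2
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 2
Last Source Address:Vlan   : bc16.f517.ca37:40
Security Violation Count   : 0
"""

# Constructed 'show mac address-table' output: the two Gi2/0/14 rows from the
# thread plus a HYPOTHETICAL row for the violating MAC on Gi2/0/4 (the thread
# never shows where 68b5.99eb.2e68 is actually secured).
MAC_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  41    a048.1c91.9310    STATIC      Gi2/0/14
  40    bc16.f517.ca37    STATIC      Gi2/0/14
  41    68b5.99eb.2e68    STATIC      Gi2/0/4
Total Mac Addresses for this criterion: 3
"""

# Syslog line as posted in the thread.
SYSLOG = ("Jan 28 16:11:39.567: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation "
          "occurred, caused by MAC address 68b5.99eb.2e68 on port GigabitEthernet2/0/14")

MAC_RE = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"


def parse_psec_interface(text: str) -> Dict[str, str]:
    """'Key   : value' lines to a dict. Splitting on ' : ' with whitespace on
    both sides keeps the embedded colons of 'Last Source Address:Vlan : mac:vlan'."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?)\s+:\s+(.+?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def parse_mac_table(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (vlan, mac, type, port) rows. Port-security secured addresses are
    listed as STATIC even when learned dynamically, which is what the thread sees."""
    rows = []
    for line in text.splitlines():
        m = re.match(r"^\s*(\d+)\s+(" + MAC_RE + r")\s+(\S+)\s+(\S+)\s*$", line)
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows


def parse_violation(line: str) -> Optional[Tuple[str, str]]:
    """(mac, long interface name) from a PSECURE_VIOLATION syslog line, else None."""
    m = re.search(r"PSECURE_VIOLATION:.*caused by MAC address (" + MAC_RE + r") on port (\S+)", line)
    return (m.group(1), m.group(2)) if m else None


def short_ifname(name: str) -> str:
    """GigabitEthernet2/0/14 -> Gi2/0/14, the form the MAC table prints."""
    return re.sub(r"^([A-Z][a-z])[A-Za-z]*", r"\1", name)


def triage(psec_text: str, mac_table_text: str, syslog_line: str) -> dict:
    psec = parse_psec_interface(psec_text)
    rows = parse_mac_table(mac_table_text)
    maximum, total = int(psec["Maximum MAC Addresses"]), int(psec["Total MAC Addresses"])
    result = {"violation_mode": psec.get("Violation Mode"), "maximum": maximum,
              "total": total, "table_full": total >= maximum, "violating_mac": None,
              "violating_port": None, "secured_elsewhere": [], "findings": []}
    if result["table_full"]:
        result["findings"].append(f"secure address table is full ({total}/{maximum})")
    violation = parse_violation(syslog_line)
    if violation is None:
        return result
    mac, port = violation[0], short_ifname(violation[1])
    result["violating_mac"], result["violating_port"] = mac, port
    # Documented violation condition: a MAC secured on one secure port is seen
    # on another secure port in the same VLAN. Report every other port holding it.
    for vlan, row_mac, row_type, row_port in rows:
        if row_mac == mac and row_port != port:
            result["secured_elsewhere"].append((vlan, row_port))
            result["findings"].append(
                f"{mac} is already {row_type} on {row_port} in VLAN {vlan}; clear it there "
                "(or from the sticky config) before it can be learned on " + port)
    if not result["findings"]:
        result["findings"].append("no cause visible here; recapture both outputs at violation time")
    return result


if __name__ == "__main__":
    for key, value in triage(PSEC_INTERFACE, MAC_TABLE, SYSLOG).items():
        print(f"{key}: {value}")
```

With the constructed table the script reports the Gi2/0/4 entry; against a real capture where the MAC appears nowhere else and the table is not full, it tells you to recapture at violation time, which is exactly the step the thread was waiting on.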
