Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
23748
Views
19
Helpful
19
Replies

Port-security: Found duplicate mac-address

Mary Leon
Level 1
Level 1

‎01-12-2021 07:57 AM

Hello, everyone,

 

I am playing around with Packet Tracer 7.3.1 in a 2950-24 switch trying to figure out how port-security works:

I ran successfully these commands:

switch0(config-if)#switchport mode access
switch0(config-if)#switchport port-security
switch0(config-if)#switchport port-security mac-address 00D1.5935.06D3
switch0(config-if)#

 

Later on, I had to disable port-security and remove (I thought successfully removed) the mac address with:

switch0(config-if)#no switchport port-security
switch0(config-if)#no switchport port-security mac-address 00D1.5935.06D3

Now I would like to add the same mac-address to the same interface and I can't figure out how to get rid of this message:

switch0(config-if)#switchport port-security
switch0(config-if)#switchport port-security mac-address 00D1.5935.06D3
Found duplicate mac-address 00D1.5935.06D3

I'm not sure where this mac-address has been kept.

switch0#show mac-address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0061.47b5.bd97 STATIC Fa0/4

 

and switch running config shows no mac configured:

switch0#show running-config
Building configuration...
Current configuration : 1146 bytes
!
version 12.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname switch0
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport mode access
switchport port-security
!
interface FastEthernet0/2
(...)

 

Finally,

 

switch0#show port-security int Fa0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 00D1.5935.06D3:1
Security Violation Count : 0

 

As you can see, configured mac addresses is 0. How could I fix this problem of Found duplicate MAC address? Where has been kept the MAC I added in the first place and why am I not able to remove it?

 

A second question I found at an earlier stage is that MAC table adds a static entry to the table for the MAC configured with port-security. Is it a correct behaviour? May I ask you why?

 

Thank you in advance.

 

 

 

Labels:
19 Replies 19

Georg Pauwen
VIP
VIP

‎01-12-2021 08:10 AM

Hello,

 

in order to get rid of the 'Found duplicate mac-address', default the interface:

 

2950(config)#default interface FastEthernet0/1

 

Not sure if that is a flaw in PT, usually, 'clear port-security' should work.

 

With regard to your second question, I don't see the static MAC address ?

barotabhi8
Level 1
Level 1
In response to Georg Pauwen

‎11-18-2023 12:50 PM

after using the 

2950(config)#default interface FastEthernet0/1

I just had to reenter the configurations for that port and I was then able to get 100% for the remaining of the packet tracer activity. Thank You

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎01-12-2021 08:16 AM

find out - where this connected and clear and remove to work.

00D1.5935.06D3

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

MHM Cisco World
VIP
VIP

‎01-12-2021 08:38 AM

clear port-security address

this is how clear the mac address sticky to port

0 Helpful

Mary Leon
Level 1
Level 1

‎01-14-2021 05:01 AM

I'm sorry, but none of the approaches succeeded:

I tried with all of the clear port-security types:

switch0#clear port-security all
switch0#clear port-security configured
switch0#clear port-security dynamic
switch0#clear port-security sticky
switch0#show port-security address
Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan Mac Address Type Ports Remaining Age(mins)
---- ----------- ---- ----- -------------
1 00D1.5935.06D3  DynamicConfigured FastEthernet0/1 -
1 0003.E4EB.7A7C DynamicConfigured FastEthernet0/1 -
------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 1
Max Addresses limit in System (excluding one mac per port) : 1024

I also tried: 

switch0(config)#default interface Fa0/1
Building configuration...
Command rejected: An interface must be configured to the Access or Trunk modes to be configured to NoNegotiate.
Interface FastEthernet0/1 set to default configuration

 But if I try to add the MAC again I get the same message:

switch0(config-if)#switchport port-security
switch0(config-if)#switchport port-security mac-address 00d1.5935.06d3
Found duplicate mac-address 00d1.5935.06d3.
switch0(config-if)#^Z

Any other ideas?

 

Thank you in advance!

0 Helpful

barotabhi8
Level 1
Level 1
In response to Mary Leon

‎11-18-2023 12:52 PM

I think you should just reconfigure the switch there might be a hiccup somewhere

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to barotabhi8

‎11-18-2023 02:44 PM

sure if that is intended to work

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎01-14-2021 06:00 AM 

switch0(config)#default interface Fa0/1

after this steps - check the mac address table if that exists clear the MAC address table ? or check where this is lerning from

 

before you doing below steps :

switch0(config-if)#switchport port-security
switch0(config-if)#switchport port-security mac-address 00d1.5935.06d3
Found duplicate mac-address 00d1.5935.06d3.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Mary Leon
Level 1
Level 1
In response to balaji.bandi

‎01-14-2021 06:31 AM

Thank you for your support, but I get the same result. 

This MAC is not in the mac address-table. 

When port-security is enabled, 

00d1.5935.06d3.

is display with show port-security address. I'm not able to remove it from that table, though.

 

 

0 Helpful

Georg Pauwen
VIP
VIP
In response to Mary Leon

‎01-14-2021 08:53 AM

Hello,

 

I am pretty sure it is a flaw in Packet Tracer. Delete the switch altogether and add a new one...

0 Helpful

cam1729
Level 1
Level 1
In response to Georg Pauwen

‎04-11-2021 08:18 PM

Hello, I am a little late to the discussion but I had the same issue and was able to resolve it by clearing out port-security configs on that interface (with no commands such as 'no switchport port-fast mac-address sticky') then copying running config to startup config ('copy running-config startup-config') and rebooting the switch with the reload command (simply just 'reload' in privileged exec mode). This might be a little better so you don't lose any other changes you made on the switch. For reference I was working with a 2960-24tt switch. Anyway this is definitely a bug in packet tracer with the switch and I hope this helps!

isabelpgv
Level 1
Level 1
In response to cam1729

‎10-19-2021 07:40 PM

thanks, this worked!

0 Helpful

Daniel Lehwing
Level 1
Level 1
In response to cam1729

‎08-23-2023 12:03 PM

Thank you, it worked finally!!

0 Helpful

fodjofodjo
Level 1
Level 1
In response to cam1729

‎07-25-2024 09:26 AM

Thank you, your solution worked 

 

0 Helpful
Customers Also Viewed These Support Documents