Port-security: Found duplicate mac-address - Page 2

Mary Leon · ‎01-12-2021

Hello, everyone,

I am playing around with Packet Tracer 7.3.1 in a 2950-24 switch trying to figure out how port-security works:

I ran successfully these commands:

switch0(config-if)#switchport mode access
switch0(config-if)#switchport port-security
switch0(config-if)#switchport port-security mac-address 00D1.5935.06D3
switch0(config-if)#

Later on, I had to disable port-security and remove (I thought successfully removed) the mac address with:

switch0(config-if)#no switchport port-security
switch0(config-if)#no switchport port-security mac-address 00D1.5935.06D3

Now I would like to add the same mac-address to the same interface and I can't figure out how to get rid of this message:

switch0(config-if)#switchport port-security
switch0(config-if)#switchport port-security mac-address 00D1.5935.06D3
Found duplicate mac-address 00D1.5935.06D3

I'm not sure where this mac-address has been kept.

switch0#show mac-address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0061.47b5.bd97 STATIC Fa0/4

and switch running config shows no mac configured:

switch0#show running-config
Building configuration...
Current configuration : 1146 bytes
!
version 12.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname switch0
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport mode access
switchport port-security
!
interface FastEthernet0/2
(...)

Finally,

switch0#show port-security int Fa0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 00D1.5935.06D3:1
Security Violation Count : 0

As you can see, configured mac addresses is 0. How could I fix this problem of Found duplicate MAC address? Where has been kept the MAC I added in the first place and why am I not able to remove it?

A second question I found at an earlier stage is that MAC table adds a static entry to the table for the MAC configured with port-security. Is it a correct behaviour? May I ask you why?

Thank you in advance.

balaji.bandi · ‎01-14-2021

00D1.5935.06D3

Do you have device connected while you configuring the port ?

interface Fa0/1

default the interface fast 0/1

post

show mac address table

show interface status

show ver

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

eddieeddie · ‎07-23-2021

Hi, I try the same issue, I try shut/no shut the interface, then add again the mac-address it's work!

balaji.bandi · ‎07-23-2021

Glad to know all works, is this resolved or still issue ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

paul driver · ‎07-25-2021

Hello

You just need to shutdown the interface first then remove port-sec off/on the interface and you should be good

int x/x
shutdown
no switchport port-security
no switchport port-security mac-address xxxx.xxxx.xxxx

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

TeamVV · ‎02-25-2025

Hello,

I had the same issue with a 2960X. I found an easy way to make it works without rebooting the switch or shutting down the interface. Let's say you want to add mac-address 00D1.5935.06D3 as in your example. You need to use the following commands :

switch0(config-if)#no switchport port-security
switch0(config-if)#switchport port-security mac-address 00D1.5935.06D
switch0(config-if)#switchport port-security

Et voilà !