
Sticky MAC encountered issues

jrdejesus
Level 1

Hi,

Would like to seek advice on issues encountered with our network. We have a campus network and, for security purposes, we configured sticky MAC and allow only three (3) MAC addresses on every port. One of our users called our attention and reported that his laptop suddenly cannot acquire a valid IP address. We learned that he transferred from one location to another, meaning from one switch to another switch. For the first implementation of sticky MAC on interfaces, we didn't encounter issues. The user transferred from one switch to another switch and suddenly encountered an intermittent connection; sometimes the connection is working, sometimes not. The user connects his laptop to a port which is available and has no MAC address learned on it. As expected, his laptop MAC address is learned from the original port and to the new port connection. He then transferred again from one switch to another switch and the same issue happened. What we do to isolate the issue is to bring the interface to default where the original termination of the user laptop MAC address was first learned.

My questions are:

- Is that the normal behavior of the sticky MAC configuration? Because the laptop MAC address is learned from the original connection and the switch stores it in the MAC address table.

- Is there a way to address the issue so that we can normally use the sticky MAC configuration and users can connect to another switch and another switch port, as long as the port has sticky MAC also and no recent connection from another laptop?

Thanks

2 Replies

Hello,

the problem with sticky MAC addresses is that they do not age out and can only be cleared by manually clearing them from the port, or by reloading the switch (unless you have saved the config to NVRAM, in which case it remains even after reloading the switch).

In your case, I think it is better to configure dynamic learning as in the example below:

switchport port-security maximum 3
switchport port-security aging type inactivity
switchport port-security aging time 1

With this configuration, if your user moves his laptop to a different port, the address on the 'old' port ages out after 1 minute, and can then be relearned by the new port. A total of 3 MAC addresses is allowed in this example.
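
The change suggested in this reply, applied to a port that currently uses sticky learning, as an added example that is not part of the original thread. The interface name GigabitEthernet1/0/10 is a placeholder, and command availability and the sticky-to-dynamic conversion behavior are assumed to match Catalyst IOS access switches; check your platform's release.

```cisco
! Constructed example; GigabitEthernet1/0/10 is a placeholder interface name.
!
! Before: sticky learning. Learned addresses are written into the
! running-config and never age out.
interface GigabitEthernet1/0/10
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
 switchport port-security mac-address sticky
!
! After: dynamic learning with inactivity aging, as suggested in the reply.
! Disabling sticky learning converts the existing sticky entries on the
! port to dynamic secure addresses, which are then subject to aging.
interface GigabitEthernet1/0/10
 no switchport port-security mac-address sticky
 switchport port-security maximum 3
 switchport port-security aging type inactivity
 switchport port-security aging time 1
!
! Privileged EXEC checks (run outside configuration mode):
!   show port-security interface GigabitEthernet1/0/10
!   show port-security address
! To clear a stale sticky entry without defaulting the whole interface:
!   clear port-security sticky interface GigabitEthernet1/0/10
```

The `show port-security address` output lists each secure MAC with its type and remaining age, which confirms whether an entry on the old port is still sticky or has become a dynamic entry that will age out.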

Hi,

Thanks Georg, will try configuring this in the coming days as we need to ask permission for network change.

Follow-up question. We encountered one issue again: when one user's laptop MAC address is learned on one port of the switch, he transferred to another switch and he can access and gain network connectivity. For the third time he transferred again from another switch and can gain access from the network, meaning he has a valid IP address from one switch to another. But when he returned to his original connection, that's the time he cannot get network connectivity and an IP address. We traced the MAC address and it is learned from different switches. Would like to inquire about this scenario. Thanks
