Switchport port-security when enabled, hosts can't get ip from DHCP

blue phoenix
Level 1

Hi all,

I have configured the default port-security configuration on the switchport where the hosts are connected.

int e0/1
 switchport mode acc
 switchport acc vlan 20
 switchport port-security !! First I configured this, port goes to err-disable
!! then I added this
 switchport port-security mac-address sticky !! still the port goes to err-disable

Can anyone simulate this, with the DHCP server either in the same or a different VLAN?

Any comments gladly welcomed!

interface Ethernet0/1
switchport access vlan 20
switchport mode access
switchport port-security mac-address sticky
switchport port-security mac-address sticky d009.00a1.0001
switchport port-security

SW1#sh int status

Port Name Status Vlan Duplex Speed Type
Et0/0 err-disabled 20 auto auto unknown

SW1#sh int e0/0 status err-disabled

Port Name Status Reason Err-disabled Vlans
Et0/0 err-disabled psecure-violation

!! Debug output from the host when debug dhcp detail is enabled.

PC1(config-if)#
*Mar 1 01:59:11.995: RAC: Starting DHCP discover on Ethernet0
*Mar 1 01:59:11.995: DHCP: Try 1 to acquire address for Ethernet0
*Mar 1 01:59:12.003: DHCP: allocate request
*Mar 1 01:59:12.003: DHCP: new entry. add to queue, interface Ethernet0
*Mar 1 01:59:12.003: DHCP: SDiscover attempt # 1 for entry:
*Mar 1 01:59:12.003: Temp IP addr: 0.0.0.0 for peer on Interface: Ethernet0
*Mar 1 01:59:12.003: Temp sub net mask: 0.0.0.0
*Mar 1 01:59:12.003: DHCP Lease server: 0.0.0.0, state: 1 Selecting
*Mar 1 01:59:12.003: DHCP transaction id: 56E
*Mar 1 01:59:12.003: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
PC1(config-if)#
*Mar 1 01:59:12.003: Next timer fires after: 00:00:04
*Mar 1 01:59:12.003: Retry count: 1 Client-ID: cisco-d009.00a1.0001-Et0
*Mar 1 01:59:12.003: Client-ID hex dump: 636973636F2D643030392E303061312E
*Mar 1 01:59:12.003: 303030312D457430
*Mar 1 01:59:12.003: Hostname: PC1
*Mar 1 01:59:12.003: DHCP: SDiscover: sending 290 byte length DHCP packet
*Mar 1 01:59:12.003: DHCP: SDiscover 290 bytes
*Mar 1 01:59:12.003: B'cast on Ethernet0 interface from 0.0.0.0
PC1(config-if)#
*Mar 1 01:59:13.251: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
*Mar 1 01:59:14.251: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
PC1(config-if)#
*Mar 1 01:59:15.591: DHCP: SDiscover attempt # 2 for entry:
*Mar 1 01:59:15.595: Temp IP addr: 0.0.0.0 for peer on Interface: Ethernet0
*Mar 1 01:59:15.595: Temp sub net mask: 0.0.0.0
*Mar 1 01:59:15.599: DHCP Lease server: 0.0.0.0, state: 1 Selecting
*Mar 1 01:59:15.599: DHCP transaction id: 56E
*Mar 1 01:59:15.603: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Mar 1 01:59:15.603: Next timer fires after: 00:00:04
*Mar 1 01:59:15.603: Retry count: 2 Client-ID: cisco-d009.00a1.0001-Et0
*Mar 1 01:59:15.603: Client-ID hex dump: 636973636F2D643030392E303061312E
*Mar 1 01:59:15.603: 303030312D457430
PC1(config-if)#
*Mar 1 01:59:15.603: Hostname: PC1
*Mar 1 01:59:15.603: DHCP: SDiscover: sending 290 byte length DHCP packet
*Mar 1 01:59:15.603: DHCP: SDiscover 290 bytes
*Mar 1 01:59:15.603: B'cast on Ethernet0 interface from 0.0.0.0
PC1(config-if)#
*Mar 1 01:59:19.623: DHCP: SDiscover attempt # 3 for entry:
*Mar 1 01:59:19.627: Temp IP addr: 0.0.0.0 for peer on Interface: Ethernet0
*Mar 1 01:59:19.627: Temp sub net mask: 0.0.0.0
*Mar 1 01:59:19.631: DHCP Lease server: 0.0.0.0, state: 1 Selecting
*Mar 1 01:59:19.631: DHCP transaction id: 56E
*Mar 1 01:59:19.635: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Mar 1 01:59:19.635: Next timer fires after: 00:00:04
*Mar 1 01:59:19.639: Retry count: 3 Client-ID: cisco-d009.00a1.0001-Et0
*Mar 1 01:59:19.639: Client-ID hex dump: 636973636F2D643030392E303061312E
*Mar 1 01:59:19.647: 303030312D457430
PC1(config-if)#
*Mar 1 01:59:19.647: Hostname: PC1
*Mar 1 01:59:19.647: DHCP: SDiscover: sending 290 byte length DHCP packet
*Mar 1 01:59:19.647: DHCP: SDiscover 290 bytes
*Mar 1 01:59:19.647: B'cast on Ethernet0 interface from 0.0.0.0
PC1(config-if)#
*Mar 1 01:59:23.631: DHCP: QScan: Timed out Selecting state

Cheers,

1 Reply

Milos Megis
Level 3

Hi,
by default only one MAC address is allowed on a port with port-security.

Do you have only one PC connected on this port? No other switch, etc.?
Be sure that you don't have any virtual PC running on that PC, because if the virtual PC has a bridged adapter configured in the virtualization software then it looks like another PC with a different MAC address, and this could be the reason why the switch sees more than one PC on the port.

When the port goes to err-disable state, you can see a log message with the issue. Your debug logs say nothing about port-security.

EDIT:
Currently you have configured the interface to allow only one MAC address (d009.00a1.0001).
Is this MAC address valid? Because when I tried to look it up, the OUI lookup tools cannot find it.
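To make the reply's explanation concrete, here is an added Python model (not from the original thread or from Cisco) of the port-security decision the switch makes per source MAC: with the default maximum of 1 and violation mode shutdown, the first MAC is learned (sticky), a second MAC such as a bridged VM triggers the violation and err-disables the port, and the host's later DHCP Discover retries are then dropped, which matches the "Selecting" timeouts seen in the debug. The VM MAC 0800.2712.abcd is a constructed sample; only d009.00a1.0001 comes from the question.

```python
"""Simulate IOS-style switchport port-security and its effect on a host's DHCP."""
from dataclasses import dataclass, field


@dataclass
class PortSecurity:
    maximum: int = 1                # IOS default: one MAC address per port
    violation: str = "shutdown"     # IOS default: err-disable the port on violation
    sticky: bool = True             # learned MACs are written into running-config
    allowed: set = field(default_factory=set)   # static + learned secure MACs
    err_disabled: bool = False
    violations: int = 0

    def ingress(self, src_mac: str) -> str:
        """Process one frame's source MAC: 'forward', 'drop' or 'err-disable'."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "drop"           # nothing passes a port in err-disable
        if src_mac in self.allowed:
            return "forward"
        if len(self.allowed) < self.maximum:
            # Dynamic and sticky learning both occupy a slot; sticky also persists.
            self.allowed.add(src_mac)
            return "forward"
        # Unknown MAC beyond the configured maximum: a port-security violation.
        self.violations += 1
        if self.violation == "shutdown":
            self.err_disabled = True
            return "err-disable"
        return "drop"               # protect/restrict: drop frame, port stays up


HOST_MAC = "d009.00a1.0001"     # the PC's MAC from the question
VM_MAC = "0800.2712.abcd"       # constructed: a bridged VM NIC behind the same port


def scenario(maximum: int = 1, violation: str = "shutdown"):
    """Host sends DHCP Discover, a bridged VM sends a frame, host retries Discover."""
    ps = PortSecurity(maximum=maximum, violation=violation)
    frames = [HOST_MAC, VM_MAC, HOST_MAC]
    return [ps.ingress(mac) for mac in frames], ps


if __name__ == "__main__":
    for kwargs in ({}, {"maximum": 2}, {"violation": "restrict"}):
        actions, ps = scenario(**kwargs)
        print(kwargs or "defaults", actions, "err-disabled:", ps.err_disabled)
```

Raising the maximum or switching to a restrict/protect violation mode keeps the host's DHCP working in the model, which is the check to run against the real switch log before assuming the sticky MAC itself is the problem.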