11-19-2013 07:40 AM - edited 03-07-2019 04:40 PM
Hi all,
I am facing a strange issue here on a production switch (Cisco 2960 IOS 12.2(55)SE5)
I have the following entry in my cam table:
switch#show mac add int gi0/10
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
123 1234.1234.1234 STATIC Drop
Although this mac-id has not been statically entered in any way it shows up as static and I can't remove it. I tried all possible clear commands without success. As a last step I reset the interface to the default empty config just configuring it as access port in an office vlan.
I am trying to avoid having to reload the switch to clear the related memory as this generates downtime. Has anyone ever faced such an issue and can advise me?
Logs:
switch#show mac add add 1234.1234.1234
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
123 1234.1234.1234 STATIC Drop <-- note the "interface"
Total Mac Addresses for this criterion: 1
Current configuration : 47 bytes
!
interface GigabitEthernet0/10
shutdown
end
switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)#int gi0/10
switch(config-if)#sw mod ac
switch(config-if)#sw ac vl 123
switch(config-if)#no sh
switch(config-if)#do sh mac add int gi0/10
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
123 1234.1234.1234 STATIC Drop
Total Mac Addresses for this criterion: 1
switch(config)#clear mac address-table static 1234.1234.1234 vlan 123 drop
MAC address could not be removed.
Address is not user configured
switch#clear mac add dynamic address 1234.1234.1234
switch#sh mac add add 1234.1234.1234
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
123 1234.1234.1234 STATIC Drop
Total Mac Addresses for this criterion: 1
11-19-2013 09:58 AM
Hi,
Can you try this please.
1> Was any port security configured in this interface or this switch.
2> can you share the output of the command show run | i 1234.1234.1234.1234
HTH
Regards
Umesh
11-20-2013 12:20 AM
Hi Umesh,
Of course there is nothing with this mac in the config. That was like the first thing that has been checked. There was dot1x running on this and all the other ports which of course has been disabled and cleared accordingly.
The problem is that there is some sort of cam table holding the Drop entries and although it should the memory is not being freed up when using the commands according to the documentation.
This is definitely a question for an IOS geek or someone who already had a similar issue once. If I open a TAC case they will tell me to reboot so the only hope is really someone who had this issue already once and resolved it without reboot.
Anyone with experience in this?
11-21-2013 01:30 AM
A restart solved the issue. Unfortunately, there was no workaround
08-09-2021 10:20 AM
I had a real similar issue to this. The MAC address was showing up on two different ports. I removed the 802.1x configuration on both ports and it resolved the issue. I was going to reboot the switch if that had not fixed the problem.
11-09-2022 11:47 AM - edited 11-09-2022 11:48 AM
I had this problem today as well. Got the "MAC address could not be removed. Address is not user configured" also. Similar to another reply below, I had to remove all port-security commands from both ports. Meaning, a) the port the MAC address was stuck on, and b) the port I was trying to move the device with that MAC address to. I tried both permutations of removing port-security from one port or the other, neither configuration worked, I had to remove all port-security commands from both ports. This was the only way to avoid restarting the switch midday.
Now the MAC address shows on both ports, the old and new. At my level of understanding this seems like a bug:
OC-12th-Access-1#show mac address-table addr 4825.671e.7f71
Load for five secs: 38%/0%; one minute: 39%; five minutes: 41%
Time source is NTP, 11:39:52.690 PST Wed Nov 9 2022
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
112 4825.671e.7f71 DYNAMIC Gi4/0/41 <-- New port device was moved to
140 4825.671e.7f71 STATIC Gi2/0/27 <-- Old port device was connected to
Total Mac Addresses for this criterion: 2
OC-12th-Access-1#
We're running c2960x-universalk9-mz.150-2.EX5.bin on this stack.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide