Why is port security errdisabling a small number of ports with no obvious fault?

I have two core switches with between 50 and 100 ports each configured for end users. I have port security enabled on all of these ports. 3 of these ports in unrelated locations will almost immediately errdisable when port security is turned on but are fine otherwise. I have sticky MAC addresses on and have repeatedly reset the ports and the MAC addresses associated with them to no effect. There is only one device connected to each port, a zero client. The running configuration is identical to other working ports. Is this a connection issue?

Accepted Solutions

Hi,

Do you use any other security feature like DHCP snooping or dot1x?

With show port-security <interface> you get an output for securing-down the port.

Also, you can try debug port-security and provoke the error. Then you can show me the output and I can help you.

I guess you use dot1x or not?

Kind regards,

Flo

Aha!

Thank you for the direction Flo. I don't have much experience with running the debug function, but when I did the problem was obvious. One of the other ports on the switch had the same MAC address in it. We sometimes move our thin clients around (we are in a school). Apparently we had a port that we weren't using that the thin client was moved from. The port was shut down but the sticky MAC address was still in the configuration and was causing the problem port to be disabled.

I did the debug and provoked the error and was told which port was causing the problem and removed the MAC address from the unused port. I've been banging my head on this one for a while but it was a very easy fix. Thanks!
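
An added example, not part of the original posts: a Python check that scans saved show running-config text for a sticky secure MAC address configured on more than one interface in the same access VLAN, the condition the debug output revealed in this thread. The sample configuration, interface names and MAC addresses are constructed, the helper name find_duplicate_sticky_macs is hypothetical, and ports without a "switchport access vlan" line are assumed to be in VLAN 1.

```python
import re
from collections import defaultdict

# Constructed sample of "show running-config" output; not from the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/5
 switchport access vlan 20
 switchport port-security
 switchport port-security mac-address sticky 0011.2233.4455
 shutdown
!
interface GigabitEthernet1/0/17
 switchport access vlan 20
 switchport port-security
 switchport port-security mac-address sticky 0011.2233.4455
!
interface GigabitEthernet1/0/18
 switchport port-security
 switchport port-security mac-address sticky 00aa.bbcc.ddee
"""

STICKY_RE = re.compile(r"^\s+switchport port-security mac-address sticky "
                       r"((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})", re.I)
VLAN_RE = re.compile(r"^\s+switchport access vlan (\d+)")

def find_duplicate_sticky_macs(config):
    """Map (vlan, mac) -> [(interface, is_shutdown)] for MACs on 2+ ports."""
    ports, port = [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            port = {"name": line.split()[1], "vlan": 1, "macs": [], "shut": False}
            ports.append(port)
        elif not line.startswith(" "):
            port = None  # left the interface stanza
        elif port:
            if m := VLAN_RE.match(line):
                port["vlan"] = int(m.group(1))
            elif m := STICKY_RE.match(line):
                port["macs"].append(m.group(1).lower())
            elif line.strip() == "shutdown":
                port["shut"] = True  # stale entries often sit on shut ports
    seen = defaultdict(list)
    for p in ports:
        for mac in p["macs"]:
            seen[(p["vlan"], mac)].append((p["name"], p["shut"]))
    return {key: where for key, where in seen.items() if len(where) > 1}

if __name__ == "__main__":
    print(find_duplicate_sticky_macs(SAMPLE_CONFIG))
```

Any interface reported with is_shutdown set to True is a likely holder of a leftover sticky entry from a device that has since been moved.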

This discussion has been reposted from Additional Communities to the LAN, Switching and Routing community.
