Sticky Port problem

Posted by Jason on February 24, 2008, 11:17 am
I have noticed something strange when I configure port-security on my
"SWITCH1". When I configure a sticky mac address everything seems to
work as it should, i.e. when I plug another device into the port I
cannot get a connection, but when I do a show port-security for the
interface it says "Port status : SecureUp" and no violation count
increment. Also when I unplug a cable I still see "Port status :
SecureUp" which is contrary to what I see on my other switch & I would
expect. One thing I have noticed is that it seems I deleted the entire
contents of the MAC address table at some point as I am seeing no CPU
entries, whereas on my other identical switch (2950) I see the below
listed in the MAC table (See both SWITCH1 & SWITCH2), could this be
causing the problem & if so how do I get them back? Also out of
curiosity what are they used for?

I have tried to enter the values manually but IOS doesn't allow it, I
have also wiped the switch & copied over a backed up startup-config &
vlan.dat but the MAC entries are still missing. Maybe this is not the
cause of the port-security problem so any suggestions on both problems
would be appreciated.

TIA, Jason

SWITCH1#show mac-address-table
Mac Address Table
------------------------------------------

Vlan Mac Address Type Ports
---- ----------- ---- -----
1 0004.274c.9ca0 DYNAMIC Fa0/1
1 0040.63d8.ba0a STATIC Fa0/12
1 0040.63d8.bab8 DYNAMIC Fa0/4
10 0004.274c.9ca0 DYNAMIC Fa0/1
Total Mac Addresses for this criterion: 4


SWITCH2#show mac-address-table
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
All 000d.28f3.1680 STATIC CPU
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0100.0cdd.dddd STATIC CPU
1 0004.274c.9ca0 DYNAMIC Fa0/1
1 000a.f4cb.dcc2 DYNAMIC Fa0/1
1 0040.63d8.ba0a STATIC Fa0/11
1 0040.63d8.bab8 DYNAMIC Fa0/1
2 000a.f4cb.dcc2 DYNAMIC Fa0/1
3 000a.f4cb.dcc2 DYNAMIC Fa0/1
10 000a.f4cb.dcc2 DYNAMIC Fa0/1
Total Mac Addresses for this criterion: 11



SWITCH1#show version
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(11)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 28-Aug-02 10:25 by antonino
Image text-base: 0x80010000, data-base: 0x80528000

ROM: Bootstrap program is CALHOUN boot loader

SWITCH1 uptime is 18 minutes
System returned to ROM by power-on
System image file is "flash:/c2950-i6q4l2-mz.121-11.EA1.bin"

cisco WS-C2950-12 (RC32300) processor (revision G0) with 20402K bytes of memory.
Processor board ID FOC0638Y10G
Last reset from system-reset
Running Standard Image
12 FastEthernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0A:F4:CB:DC:C0
Motherboard assembly number: 73-5782-11
Power supply part number: 34-0965-01
Motherboard serial number: FOC06380C9A
Power supply serial number: PHI06350618
Model revision number: G0
Motherboard revision number: A0
Model number: WS-C2950-12
System serial number: FOC0638Y10G
Configuration register is 0xF


hostname SWITCH1
!
enable secret 5
enable password 7
!
username Jason password 7
clock timezone GMT 0
ip subnet-zero
no ip domain-lookup
ip host groucho 192.168.1.100
!
spanning-tree extend system-id
!
!
interface FastEthernet0/1
description LINK TO GROUCHO
switchport mode trunk
no ip address
duplex full
speed 10
!
interface FastEthernet0/2
description LINK TO SWITCH2
switchport mode trunk
no ip address
!
interface FastEthernet0/3
description LINK TO SWITCH2
switchport mode trunk
no ip address
!
interface FastEthernet0/4
description LINK TO MY PC
switchport mode access
no ip address
!
interface FastEthernet0/5
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/6
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/7
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/8
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/9
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/10
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/11
switchport mode access
no ip address
!
interface FastEthernet0/12
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0040.63d8.ba0a
no ip address
!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.1.100
ip http server
!
!
line con 0
exec-timeout 0 0
login local
line vty 0 4
exec-timeout 0 0
password 7
login local
line vty 5 15
exec-timeout 0 0
password 7
login local
!
end

SWITCH1#show mac
SWITCH1#show mac-
SWITCH1#show mac-address-table
Mac Address Table
------------------------------------------

Vlan Mac Address Type Ports
---- ----------- ---- -----
1 0004.274c.9ca0 DYNAMIC Fa0/1
1 0040.63d8.ba0a STATIC Fa0/12
1 0040.63d8.bab8 DYNAMIC Fa0/4
10 0004.274c.9ca0 DYNAMIC Fa0/1
Total Mac Addresses for this criterion: 4
SWITCH1#show port
SWITCH1#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
-------------------------------------------------------------------------------
     Fa0/12              1            1                  0         Shutdown
-------------------------------------------------------------------------------
Total Addresses in System : 1
Max Addresses limit in System : 1024

SWITCH1#show port
SWITCH1#show port-security interf
SWITCH1#show port-security interface fa0/12
Port Security : Enabled
Port status : SecureUp
Violation mode : Shutdown
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Aging time : 0 mins
Aging type : Absolute
SecureStatic address aging : Disabled
Security Violation count : 0

Posted by Jason on February 27, 2008, 6:10 pm

> I have noticed something strange when I configure port-security on my
> "SWITCH1". When I configure a sticky mac address everything seems to
> work as it should, i.e. when I plug another device into the port I
> cannot get a connection, but when I do a show port-security for the
> interface it says "Port status : SecureUp" and no violation count
> increment. Also when I unplug a cable I still see "Port status :
> SecureUp" which is contrary to what I see on my other switch & I would
> expect. One thing I have noticed is that it seems I deleted the entire
> contents of the MAC address table at some point as I am seeing no CPU
> entries, whereas on my other identical switch (2950) I see the below
> listed in the MAC table (See both SWITCH1 & SWITCH2), could this be
> causing the problem & if so how do I get them back? Also out of
> curiosity what are they used for?
>
> I have tried to enter the values manually but IOS doesn't allow it, I
> have also wiped the switch & copied over a backed up startup-config &
> vlan.dat but the MAC entries are still missing. Maybe this is not the
> cause of the port-security problem so any suggestions on both problems
> would be appreciated.
>
> TIA, Jason
>


For anyone who is interested I have solved the mystery of the missing MAC
address table entries & strange switch behavior. It seems that the switches
were running different versions of IOS.

SWITCH1 was running version:

c2950-i6q4l2-mz.121-11.EA1.bin

with SWITCH2 running version

c2950-i6q4l2-mz.121-13.EA1.bin

Once I copied the IOS from SWITCH2 to SWITCH1 everything started working
correctly & the MAC address tables matched. I think the MAC address table
in SWITCH1 was always missing the CPU entries but I only noticed when
compared to SWITCH2, and I wrongly assumed that I had somehow deleted them
- it's all part of the learning curve I suppose.

Jason.
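
An added example, not part of Jason's posts: a small Python check that automates the comparison he ended up doing by hand, reading saved "show version" and "show mac-address-table" output from each switch and reporting IOS image mismatches and CPU group-address entries that one switch has and another lacks. The function names and the report layout are assumptions made for this sketch; the SWITCH2 "show version" line is constructed from the image name given in the post.

```python
import re

MAC_RE = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}", re.I)
IMAGE_RE = re.compile(r'System image file is "(?:\w+:)?/?([^"]+)"')

# Sample input: SWITCH1 lines are taken from the post; the SWITCH2 version
# line is constructed around the image name the poster reported.
SW1_VERSION = 'System image file is "flash:/c2950-i6q4l2-mz.121-11.EA1.bin"'
SW2_VERSION = 'System image file is "flash:/c2950-i6q4l2-mz.121-13.EA1.bin"'
SW1_MAC = """\
Vlan Mac Address Type Ports
---- ----------- ---- -----
1 0004.274c.9ca0 DYNAMIC Fa0/1
1 0040.63d8.ba0a STATIC Fa0/12
"""
SW2_MAC = """\
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 000d.28f3.1680 STATIC CPU
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0100.0cdd.dddd STATIC CPU
1 0004.274c.9ca0 DYNAMIC Fa0/1
"""

def image_file(show_version):
    """Image file name from 'show version', without the filesystem prefix."""
    m = IMAGE_RE.search(show_version)
    return m.group(1) if m else None

def cpu_group_macs(show_mac):
    """Group (multicast) addresses bound to the CPU port. The unicast CPU
    entry is skipped on the assumption that it is the switch's own address."""
    found = set()
    for line in show_mac.splitlines():
        f = line.split()
        if len(f) == 4 and MAC_RE.fullmatch(f[1]) and f[3].upper() == "CPU":
            if int(f[1][:2], 16) & 1:  # I/G bit set: group address
                found.add(f[1].lower())
    return found

def drift_report(switches):
    """switches: {name: (show_version_text, show_mac_table_text)}"""
    images = {n: image_file(v) for n, (v, _) in switches.items()}
    cpu = {n: cpu_group_macs(m) for n, (_, m) in switches.items()}
    expected = set().union(*cpu.values())
    return {"images": images,
            "image_mismatch": len(set(images.values())) > 1,
            "missing_cpu": {n: sorted(expected - s) for n, s in cpu.items()}}

REPORT = drift_report({"SWITCH1": (SW1_VERSION, SW1_MAC),
                       "SWITCH2": (SW2_VERSION, SW2_MAC)})
```

On the sample data the report flags the image mismatch and lists the three 0100.0c... CPU entries as missing on SWITCH1.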
