Cisco Bug: CSCuo55022 - 3850 hosts not getting DHCP addresses when Port-security is enabled

Last Modified

Oct 14, 2019

Products (1)

Cisco Catalyst 3850 Series Switches

Known Affected Releases

15.0(1)S3.3

Description (partial)

Symptom:
When connecting a host into an access-port with Port-security enabled and using VLAN 325, the switch is not learning the MAC address of the end device and no DHCP address is leased to this host.

The following errors can be seen during the issue:
 
Mar 26 18:55:22.255: PSECURE: swidb = GigabitEthernet1/0/16 mac_addr = 5cf6.dc1b.ce17 vlanid = 325
Mar 26 18:55:22.255: PSECURE: Adding address vlan 325 5cf6.dc1b.ce17 to port-security
Mar 26 18:55:22.255: PSECURE: Adding addresses to port-security sub block
Mar 26 18:55:22.255: PSECURE: Internal error in adding address

Conditions:
Use of VLAN 325 plus Port-security on access ports. 
 
Example of port configuration:
 
interface GigabitEthernet1/0/16
switchport access vlan 325
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
spanning-tree portfast
spanning-tree bpduguard enable

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts