Cisco Bug: CSCvi03425 - Port Security triggers err-disable when Sticky MAC appears on a different port

Last Modified

Aug 09, 2019

Products (1)

  • Cisco Catalyst 4500 Series Switches

Known Affected Releases

15.2(2)E6 3.8(5)

Description (partial)

Symptom:
Port security does not behave as expected with sticky MAC addresses; the behavior is not consistent with the documentation.

Two different scenarios are observed:

1- Err-disable is triggered if the sticky MAC is cleared from the original port:

- The MAC is sticky on port Gi3/27; moving the connection to port Gi7/29 triggers no violation, and packets are dropped silently
- The violation counter does not increase
- After clearing the MAC from port Gi3/27 and moving the device to Gi7/29, a port security violation is now triggered on Gi7/29; moving the connection to a different port still triggers a violation that puts the port into err-disable
- Debugs now show a duplicate MAC

2- Err-disable is triggered if the original port is "Down":

- The test was done on interface Gi1/1 with a sticky MAC
- Sending traffic with the same source MAC to port Gi7/1 while Gi1/1 is still up results in the traffic being dropped silently
- Shutting down port Gi1/1 and then sending traffic with the same MAC to Gi7/1 triggers err-disable

Conditions:
Tested in 3.6.7E and 3.8.5E