
Cisco Bug: CSCvi03425 - Port Security triggers err-disable when Sticky MAC appears on a different port

Last Modified

Oct 14, 2019

Products (1)

  • Cisco Catalyst 4500 Series Switches

Known Affected Releases

15.2(2)E6 3.8(5)

Description (partial)

Port security does not behave as expected with sticky MAC addresses; the behavior is not consistent with the documentation.

Two different scenarios are observed:

1- Err-disable is triggered if the sticky MAC is cleared from the original port:

- The MAC is sticky on port Gi3/27. Moving the connection to port Gi7/29 triggers no violation, and packets are dropped silently.
- The violation counter does not increase.
- After clearing the MAC from port Gi3/27 and moving the device to Gi7/29, a port security violation is triggered on Gi7/29. Moving the connection to a different port still causes a violation that puts the port into err-disable.
- Debugs now show a duplicate MAC.

2- Err-disable is triggered if the original port is "Down":

- The test was done with interface Gi1/1 holding the sticky MAC.
- Sending traffic with the same source MAC to port Gi7/1 while Gi1/1 is still up causes the traffic to be dropped silently.
- Shutting down port Gi1/1 and then sending traffic with the same MAC to Gi7/1 triggers err-disable.

Tested in 3.6.7E and 3.8.5E.

Bug details contain sensitive information and therefore require an account to be viewed.
