Jason Guest
Posted: Sun Feb 24, 2008 10:17 pm    Post subject: Sticky Port problem
I have noticed something strange when I configure port-security on my "SWITCH1". When I configure a sticky MAC address everything seems to work as it should, i.e. when I plug another device into the port I cannot get a connection, but when I do a show port-security for the interface it says "Port status : SecureUp" and the violation count does not increment. Also, when I unplug the cable I still see "Port status : SecureUp", which is contrary to what I see on my other switch and what I would expect. One thing I have noticed is that it seems I deleted the entire contents of the MAC address table at some point, as I am seeing no CPU entries, whereas on my other identical switch (2950) I see the entries listed below in the MAC table (see both SWITCH1 & SWITCH2). Could this be causing the problem, and if so how do I get them back? Also, out of curiosity, what are they used for?

I have tried to enter the values manually but IOS doesn't allow it. I have also wiped the switch and copied over a backed-up startup-config and vlan.dat, but the MAC entries are still missing. Maybe this is not the cause of the port-security problem, so any suggestions on both problems would be appreciated.

TIA, Jason
SWITCH1#show mac-address-table
          Mac Address Table
------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0004.274c.9ca0    DYNAMIC     Fa0/1
   1    0040.63d8.ba0a    STATIC      Fa0/12
   1    0040.63d8.bab8    DYNAMIC     Fa0/4
  10    0004.274c.9ca0    DYNAMIC     Fa0/1
Total Mac Addresses for this criterion: 4

SWITCH2#show mac-address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    000d.28f3.1680    STATIC      CPU
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0100.0cdd.dddd    STATIC      CPU
   1    0004.274c.9ca0    DYNAMIC     Fa0/1
   1    000a.f4cb.dcc2    DYNAMIC     Fa0/1
   1    0040.63d8.ba0a    STATIC      Fa0/11
   1    0040.63d8.bab8    DYNAMIC     Fa0/1
   2    000a.f4cb.dcc2    DYNAMIC     Fa0/1
   3    000a.f4cb.dcc2    DYNAMIC     Fa0/1
  10    000a.f4cb.dcc2    DYNAMIC     Fa0/1
Total Mac Addresses for this criterion: 11
SWITCH1#show version
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(11)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 28-Aug-02 10:25 by antonino
Image text-base: 0x80010000, data-base: 0x80528000
ROM: Bootstrap program is CALHOUN boot loader
SWITCH1 uptime is 18 minutes
System returned to ROM by power-on
System image file is "flash:/c2950-i6q4l2-mz.121-11.EA1.bin"
cisco WS-C2950-12 (RC32300) processor (revision G0) with 20402K bytes of memory.
Processor board ID FOC0638Y10G
Last reset from system-reset
Running Standard Image
12 FastEthernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0A:F4:CB:DC:C0
Motherboard assembly number: 73-5782-11
Power supply part number: 34-0965-01
Motherboard serial number: FOC06380C9A
Power supply serial number: PHI06350618
Model revision number: G0
Motherboard revision number: A0
Model number: WS-C2950-12
System serial number: FOC0638Y10G
Configuration register is 0xF
hostname SWITCH1
!
enable secret 5
enable password 7
!
username Jason password 7
clock timezone GMT 0
ip subnet-zero
no ip domain-lookup
ip host groucho 192.168.1.100
!
spanning-tree extend system-id
!
!
interface FastEthernet0/1
description LINK TO GROUCHO
switchport mode trunk
no ip address
duplex full
speed 10
!
interface FastEthernet0/2
description LINK TO SWITCH2
switchport mode trunk
no ip address
!
interface FastEthernet0/3
description LINK TO SWITCH2
switchport mode trunk
no ip address
!
interface FastEthernet0/4
description LINK TO MY PC
switchport mode access
no ip address
!
interface FastEthernet0/5
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/6
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/7
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/8
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/9
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/10
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/11
switchport mode access
no ip address
!
interface FastEthernet0/12
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0040.63d8.ba0a
no ip address
!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.1.100
ip http server
!
!
line con 0
exec-timeout 0 0
login local
line vty 0 4
exec-timeout 0 0
password 7
login local
line vty 5 15
exec-timeout 0 0
password 7
login local
!
end
SWITCH1#show port
SWITCH1#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
     Fa0/12            1            1                  0         Shutdown
---------------------------------------------------------------------------
Total Addresses in System : 1
Max Addresses limit in System : 1024
SWITCH1#show port
SWITCH1#show port-security interf
SWITCH1#show port-security interface fa0/12
Port Security : Enabled
Port status : SecureUp
Violation mode : Shutdown
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Aging time : 0 mins
Aging type : Absolute
SecureStatic address aging : Disabled
Security Violation count : 0
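As an added example (not part of Jason's post or of Cisco IOS), the following Python script cross-checks the kind of output shown above: it parses `show mac-address-table` and `show port-security interface` text and flags the two inconsistencies described in the post, a MAC table with no CPU entries and a port reporting SecureUp while its link is down. The sample text is constructed, modelled on the post's output, and the link state is assumed to be supplied by the caller from `show interfaces`.

```python
import re

# Constructed samples, modelled on the 2950 output quoted in the post (not copied verbatim).
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    000d.28f3.1680    STATIC      CPU
 All    0100.0ccc.cccc    STATIC      CPU
   1    0004.274c.9ca0    DYNAMIC     Fa0/1
   1    0040.63d8.ba0a    STATIC      Fa0/12
Total Mac Addresses for this criterion: 4
"""
PORT_SEC = """\
Port Security : Enabled
Port status : SecureUp
Violation mode : Shutdown
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Security Violation count : 0
"""
# One data row: vlan, dotted-hex MAC, type, port. Header and "Total ..." lines do not match.
MAC_ROW = re.compile(r"^\s*(\S+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def parse_mac_table(text):
    """Rows of 'show mac-address-table' as (vlan, mac, type, port) tuples."""
    return [m.groups() for m in map(MAC_ROW.match, text.splitlines()) if m]

def parse_port_security(text):
    """'Key : Value' lines of 'show port-security interface' as a dict of strings."""
    return dict((k.strip(), v.strip()) for k, v in
                (ln.split(":", 1) for ln in text.splitlines() if ":" in ln))

def audit(mac_table, port_sec, port, link_up):
    """Return a list of findings for one secured port. link_up is assumed to come
    from 'show interfaces' (the caller supplies it; not parsed here)."""
    rows, ps, findings = parse_mac_table(mac_table), parse_port_security(port_sec), []
    if not any(r[3] == "CPU" for r in rows):
        findings.append("no CPU entries in MAC table")
    # Sticky/secure addresses appear as STATIC entries on the secured port.
    secure = {r[1].lower() for r in rows if r[3].lower() == port.lower() and r[2].upper() == "STATIC"}
    reported = int(ps.get("Total MAC Addresses", "0"))
    if ps.get("Port Security") == "Enabled" and len(secure) != reported:
        findings.append(f"{port}: {len(secure)} secure MAC(s) in table, port-security reports {reported}")
    if ps.get("Port status") == "SecureUp" and not link_up:
        findings.append(f"{port}: status SecureUp while link is down")
    return findings
```

Feed it the real output of both commands per secured port; an empty list means the MAC table and the port-security view agree.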