Wednesday, November 14, 2018

Question: Port-sec violations and dynamic MAC addresses not flushing from old port

2960X on 15.x, port-sec w/ max 5, using phone and desktop. Users at a site are moving things around, so I don't know the order of their operations. In one instance, a couple phones are moved to different switchports and those switchports go down. Shut/noshut does not fix it because they go down AGAIN as the MAC is still on the old port. We are only using dynamic and no sticky.

Today I checked the switch and port-sec had shut another port several days ago. I shut/noshut and it returned to normal, port-sec showing a new MAC. Obviously I don't know remotely what went on, but my general takeaway was that I did not know how mac address aging interacts with port-sec aging. We have no port-sec aging, and with the first experience my impression was that it would stick until cleared. With the second it was that it had flushed from either/both.

If anyone can speak to this and how they affect each other I would appreciate it.



No comments:

Post a Comment