Symptom

A traffic arriving on an interface triggers a port-security violation due to the interface exceeding the Maximum allowed MACs , causing the interface to go into error-disabled state. If this traffic, sourced from the MAC that caused the port-security violation is received on a new interface , the new interface wont be able to learn the MAC address unless the "clear mac address-table dynamic interface " command is entered.

Conditions

1. An interface going to error-disabled due to a port-security violation. 2. No actions are done to bring up the error-disabled interface. 3. The MAC that caused the violation arrives on a new interface.

Workaround

As workaround you can use either of this options: 1. Bring up the disabled interface by entering shut/no shut. 2. Enter the "clear mac address-table dynamic interface E x/y" command on the new interface receiving the traffic

Further Problem Description