04-03-2003 05:49 AM - edited 03-02-2019 06:22 AM
Implemented port security on C3500XL switch running following IOS;
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)XU, RELEASE SOFTWARE
(fc1)
SWITCHA#sh run int fa0/39
Building configuration...
Current configuration:
!
interface FastEthernet0/39
port security max-mac-count 5
port security action shutdown
switchport access vlan 2
spanning-tree portfast
end
Shortly after implementing I received following syslog error from that switch;
Critical 30428: 44w4d: %PORT_SECURITY-2-SECURITYREJECT:
Security violation occurred on module 0 port 39 caused by MAC address e0e0.03ff.ff00
The mac address looked odd so I reviewed the secure mac table for the port;
SWITCHA#sh mac int fa0/39
Non-static Address Table:
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
0050.dada.e2e7 Secure 2 FastEthernet0/39
e2e7.0085.e0e0 Secure 2 FastEthernet0/39
Again the second secure mac entry looked odd and since the offending address wasnt on that port I started looking at other ports and found the offending address on another port;
SWITCHA #sh mac int fa0/40
Non-static Address Table:
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
0001.03a9.4038 Secure 2 FastEthernet0/40
e0e0.03ff.ff00 Secure 2 FastEthernet0/40
I then reviewed the IEEE mac list and found no manufactuer for either e2e700 or e0e003. The mac addresses also appear to be offset.
0050.dada.e2e7
e2e7.0085.e0e0
e0e0.03ff.ff00
I then deleted both e2e7.0085.e0e0 and e0e0.03ff.ff00 from the secure mac table. Things continued with incident. An additional confusion is that neither port had multiple computers connected. Both had a single dell laptop connected.
But on reviewing both ports the following morning;
SWITCHA #sh mac int fa0/39
Non-static Address Table:
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
0050.dada.e2e7 Secure 2 FastEthernet0/39
e0e0.03ff.ff00 Secure 2 FastEthernet0/39
SWITCHA #sh mac int fa0/40
Non-static Address Table:
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
0001.03a9.4038 Secure 2 FastEthernet0/40
4038.0091.e0e0 Secure 2 FastEthernet0/40
Shows the one odd mac addresses back in the secure mac table and a second new odd mac address neither of which are valid vendor mac addresses and again the offset seems to be involved.
Any ideas on what is causing these invalid mac addresses to be entered into the secure mac table for these ports?
04-09-2003 09:12 AM
Your problem looks like you are running some application in the laptop which causes this. You can install a sniffer and try to indentify the source of the mac address, which will give a better knowledge of your problem.
Also you can try configuring static mac address by using the command
mac-address-table static
http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35xu/cmdref/macrcli.htm#xtocid2472932
Check for any print services which has any printing problem, which may trigger these kind of problem.
Hope this helps
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide