3750 Port-security w/vmware

Marc D
Level 1

Hi there,

We're implementing port-security on our 3750 access switches. Some of our users need to have vmware running. Vmware, for an ungodly reason, seems to create a virtual mac address that, of course, triggers the port security.

My question is two-fold:

1) Can I allow, on all ports, all 000c.29* mac addresses so that vmware's are allowed through?

2) Does anyone know how to prevent vmware from spoofing a mac address?

Thanks.

4 Replies

ehirsel
Level 6

I would look if there is a way in VMWARE to manually specify the mac address for each hosted system.

Let me know whether or not you find this link helpful:

http://www.vmware.com/support/esx/doc/set_mac_esx.html

This certainly helps, and works, however it implies that users go manually into configuration files and modify them. It also implies that we have to keep a table of some sort of what mac address we assign to which user and thus, which port.

We will also have problems with changing PCs or laptops. It seems that when you add 1 static mac address on a port, all other mac addresses on this port become static.

#show run int fa 3/0/44
Building configuration...

Current configuration : 404 bytes
!
interface FastEthernet3/0/44
 switchport access vlan 210
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security violation protect
 switchport port-security aging type inactivity
 switchport port-security mac-address 000c.2911.aa11
 no mdix auto
 spanning-tree portfast
 spanning-tree bpduguard enable
end

#show mac- int fa 3/0/44
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 210    0006.5b95.d931    STATIC      Fa3/0/44
 210    000c.2911.aa11    STATIC      Fa3/0/44

The first one is my PC's MAC, which would otherwise be dynamically discovered, but when I added the second one in the config (switchport port-security mac-address 000c.2911.aa11), it seems to have switched the port's MAC learning mode from dynamic to sticky. Could this be or am I doing something wrong?

This could be a step in the right direction but there's something missing still, I think.
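Question 1 in the opening post and the second post above come down to the same bookkeeping problem: which addresses sit on each access port, how many of them are VMware-generated, and whether the port's "switchport port-security maximum" actually covers them. The following Python script is an added example for this thread, not code from the thread or from Cisco. It parses a "show run interface" excerpt and a MAC table in the same shape as the output quoted above and reports, per port, the address count, the VMware-OUI count, the configured maximum (port-security's default of 1 is assumed when no maximum line is present), and whether the port is already over its limit. The sample config and table are constructed for the example; the VMware OUI set is an assumption limited to the 00:0c:29 block named in the thread plus 00:50:56.

```python
"""Audit a Cisco-style MAC table against per-port port-security maximums.

Added example for the thread; sample inputs below are constructed and the
interface names, VLAN and MAC values are illustrative only.
"""
import re
from collections import defaultdict

# OUIs (first three octets) assumed to belong to VMware virtual NICs.
VMWARE_OUIS = {"000c29", "005056"}

# Constructed "show run interface" excerpt: one port with an explicit maximum
# and one with port-security enabled but the default maximum (1).
SAMPLE_CONFIG = """\
interface FastEthernet3/0/44
 switchport access vlan 210
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address 000c.2911.aa11
!
interface FastEthernet3/0/45
 switchport access vlan 210
 switchport mode access
 switchport port-security
!
"""

# Constructed MAC table in the same layout as the switch output quoted above.
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 210    0006.5b95.d931    STATIC      Fa3/0/44
 210    000c.2911.aa11    STATIC      Fa3/0/44
 210    0006.5b95.d932    DYNAMIC     Fa3/0/45
 210    000c.29ab.cd01    DYNAMIC     Fa3/0/45
 210    000c.29ab.cd02    DYNAMIC     Fa3/0/45
"""

MAC_ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)", re.I
)


def short_port(name: str) -> str:
    """Map the long config form (FastEthernet3/0/44) to the table form (Fa3/0/44)."""
    for long, short in (("TenGigabitEthernet", "Te"), ("GigabitEthernet", "Gi"),
                        ("FastEthernet", "Fa")):
        if name.startswith(long):
            return short + name[len(long):]
    return name


def is_vmware(mac: str) -> bool:
    """True when the MAC's OUI is in the assumed VMware set (dotted or colon form)."""
    return re.sub(r"[.:-]", "", mac.lower())[:6] in VMWARE_OUIS


def parse_port_security(config: str) -> dict:
    """Per interface: port-security enabled?, configured maximum, static MACs."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = short_port(line.split(None, 1)[1])
            ports[current] = {"enabled": False, "maximum": 1, "static": set()}
        elif current is None or line == "!":
            current = None
        elif line == "switchport port-security":
            ports[current]["enabled"] = True
        elif line.startswith("switchport port-security maximum "):
            ports[current]["maximum"] = int(line.split()[-1])
        elif line.startswith("switchport port-security mac-address "):
            last = line.split()[-1]
            if last.lower() != "sticky":  # "mac-address sticky" carries no MAC
                ports[current]["static"].add(last.lower())
    return ports


def parse_mac_table(text: str) -> list:
    """Return (vlan, mac, type, port) tuples for every address row."""
    rows = []
    for line in text.splitlines():
        m = MAC_ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            rows.append((int(vlan), mac.lower(), kind.upper(), port))
    return rows


def audit(config: str, mac_table: str) -> dict:
    """Per port: total MACs, VMware MACs, effective maximum, and over-limit flag."""
    ports = parse_port_security(config)
    seen = defaultdict(set)
    for _vlan, mac, _kind, port in parse_mac_table(mac_table):
        seen[port].add(mac)
    report = {}
    for port, macs in seen.items():
        cfg = ports.get(port, {"enabled": False, "maximum": 1, "static": set()})
        report[port] = {
            "total": len(macs),
            "vmware": sum(1 for m in macs if is_vmware(m)),
            "maximum": cfg["maximum"] if cfg["enabled"] else None,
            "over": bool(cfg["enabled"] and len(macs) > cfg["maximum"]),
        }
    return report


if __name__ == "__main__":
    for port, r in sorted(audit(SAMPLE_CONFIG, SAMPLE_MAC_TABLE).items()):
        flag = "OVER LIMIT" if r["over"] else "ok"
        print(f"{port}: {r['total']} MACs ({r['vmware']} VMware), "
              f"max={r['maximum']} -> {flag}")
```

Run against real output, the script highlights the two things the thread is wrestling with: a port whose maximum was never raised above the default will hit a violation the moment a guest VM brings its second address up, and the VMware count shows how much headroom a per-port maximum needs. Port-security itself matches whole addresses, so this kind of OUI check has to be done offline from the table; the script does not change any switch configuration.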

b-watkins
Level 1

Depending on the actual needs of your users who have VMWare, there is a network mode for it that will do NAT instead of bridged mode. All traffic from these systems will be seen as coming from the host workstation. This may not be ideal, depending on exactly what is performed by the virtual machines, but it's a possibility.

Unfortunately, no. The VMs the users usually work on are dev servers that multiple users collaborate on. Also, I don't like the default 192.168.x.x stuff getting on our 10.x.x.x network.

I just don't get why VMWare FORCES users to do this. I understand that DHCP servers wouldn't dish out multiple IPs to the same MAC, but I'd still like to have a choice. Anyways, that rant doesn't belong here.

Thanks.
