06-01-2003 02:02 PM - edited 03-02-2019 07:47 AM
We have a Cisco 2900 series switch with a port configured for "port security action shutdown" and "max-mac-count 1". It works like it's supposed to, but we ran across something strange that we can't explain:
One of the system administrators accidentally assigned a duplicate IP address to one of our host machines. Of course, the machine immediately shut off its network services and popped up an IP conflict message box; however, the switch port it was connected to (with port security configured) also shut down. When we configured the machine for the correct IP and cleared the MAC on the port, it started working as it should. I did a test and changed the IP address of the machine to one that was NOT a duplicate IP and it also worked fine. Upon changing it back to a duplicate IP, though, the switch port shut down again.
Why is this happening? I understand how port security works and I realize it's a moot point either way, since a machine will shut down its network services anyway with a duplicate IP (even if the switch port doesn't). BUT, I assumed (maybe incorrectly) that the switch port tabled only the secure MAC address. How is IP being thrown into this? Any answers would be appreciated.
06-03-2003 10:00 AM
There is a bug open for a similar issue on a CAT5k, which is closed:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCea47047
The problem was found to be with Microsoft Windows (NT, Win2000). It is sending a gratuitous ARP with the contender's IP address and MAC address.
06-03-2003 12:15 PM
Thanks much for the info! This must not be a widespread problem since I only got 1 reply to this posting. I noticed there's really no bug fix for this...
06-03-2003 12:23 PM
There is no fix from the Cisco side at least, since our switches are working as expected. If you wish to pursue this, I suggest that you contact Microsoft support and ask them why a gratuitous ARP with the contender's IP address and MAC address is sent out. If you do contact them, please share your findings.
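To see why a port that tracks only source MACs can still react to an IP conflict, here is an added example (not from the thread and not Cisco code) that replays constructed frames through a simplified model of a port with max-mac-count 1. It assumes the gratuitous ARP described above arrives on the port with the contender's MAC as its Ethernet source; all addresses and function names are made up for illustration.

```python
import struct
from ipaddress import IPv4Address

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def build_arp(eth_src, sha, spa, tpa, op=1):
    """Build a constructed broadcast Ethernet II + ARP frame (sample input)."""
    eth = b"\xff" * 6 + eth_src + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + sha + IPv4Address(spa).packed + b"\x00" * 6 + IPv4Address(tpa).packed

def parse_arp(frame):
    """Return ARP fields for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sha": mac(frame[22:28]),
            "spa": str(IPv4Address(frame[28:32])), "tpa": str(IPv4Address(frame[38:42]))}

def audit_port(frames, max_mac_count=1):
    """Replay frames seen on one secure port; return (port_state, findings)."""
    learned, findings = [], []
    for i, frame in enumerate(frames):
        src, arp = mac(frame[6:12]), parse_arp(frame)
        # Gratuitous ARP (sender IP == target IP) naming a MAC other than the secure one.
        if arp and arp["spa"] == arp["tpa"] and learned and arp["sha"] != learned[0]:
            findings.append((i, f"gratuitous ARP for {arp['spa']} carries foreign MAC {arp['sha']}"))
        if src not in learned:
            if len(learned) >= max_mac_count:  # the port only counts source MACs
                findings.append((i, f"violation: source MAC {src} exceeds max-mac-count"))
                return "shutdown", findings
            learned.append(src)
    return "up", findings

# Constructed sample data: host MAC, contender MAC, and two scenarios.
HOST, CONTENDER = bytes.fromhex("00a0c9112233"), bytes.fromhex("00105a445566")
unique_ip = [build_arp(HOST, HOST, "10.0.0.50", "10.0.0.50")]
duplicate_ip = [build_arp(HOST, HOST, "10.0.0.20", "10.0.0.20"),
                build_arp(CONTENDER, CONTENDER, "10.0.0.20", "10.0.0.20")]

if __name__ == "__main__":
    for name, frames in (("unique IP", unique_ip), ("duplicate IP", duplicate_ip)):
        print(name, audit_port(frames))
```

Run against a real capture of the port, the same check shows whether the frame that trips the violation is an ARP naming the other machine's MAC, which is the evidence to bring to a vendor support case.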