I have a lot of Teradici thin clients connected to a Cisco 9300 access layer switch with Port Security enabled on the ports. Port security will trip at random intervals (sometimes 5 hours, sometimes, 12) and shutdown the port. When logs are checked, the mac address tripping is not a device on our network and is always a different mac -- as if it were randomly generated. From a networking perspective, the switch is behaving as it it should as it sees another mac and shuts down the port. This has happened both during off hours when no one is present and during working hours when the device is actively being used.
The Thin client itself passes minimal traffic to the VMWare server and to its PCOIP server. I have switched out devices, cables, and updated firmware on the thin client.
My question is, first of all, has anyone else encountered this, and is there anything from a network perspective that could cause a switch to see a random mac address coming from a device like this.
it could be a bug, but I don't really think so.
Is it happening on multiple ports where thin clients are connected?
And is it ONLY happening on ports where thin clients are connected?
If yes, I would guess that the thin clients are really sending a frame with such source MAC addresses from time to time.
Would be nice to see what's really going on on the wire with a SPAN session and packet capture in the moment where it happenes.
Have you looked up the MAC addresses that seem random?
Are the MAC addresses registered to any vendor?
This is only happening on ports where Thin Clients are connected and it has happened with different thin clients in different physical locations and on different vlanned networks.
I have yet to be able to capture this on a SPAN port as it is very unpredictable.
I have looked up the MACs that it generates and cannot find a valid network card vendor.