Hello everyone,
I have had a strange issue and thought I would ask the group. I have a fleet of 891F routers, IOS 15.5(3)M. For these routers we use mac-address table security since they don't have switchport security. This has been working mostly well. However, on at least two occasions, the security feature seems to drop traffic from layer 3 with no changes to the mac-address table.
I first verified that the MAC that was learned and secured for the interface was still correct, and there were no changes. Second, if I viewed the mac-address table, there was a dynamic MAC for the interface. That tells me the router is seeing layer 2 traffic, the NIC, etc. Also, the interface was UP-UP. The MAC was the same one that was identified in the mac-address table secure sticky, so it never changed. Then, I checked the ARP table and there was no ARP entry for the expected IP of the host. After turning off the mac-address security, the host came alive.
This has happened at two different locations, but otherwise seems to work well. The host is a vendor device. We are still trying to identify if there are any settings, spoofing or other strange things on their end, but that will be tough. So, I was wondering from a Cisco end, are there any caveats, pros or cons to running security the way we are with these 891Fs? I haven't seen any Cisco caveats relating to this feature. It also isn't like port security where you see a violation with show port-security. Is anyone else running this feature with good or bad success? Any recommendations would be welcome.
Thanks for any insight from the community.
Chris
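The checks Chris walks through (secured MAC unchanged, MAC still learned on the port, interface up, but no ARP entry) can be correlated automatically across a fleet so the "layer 2 seen, layer 3 dead" condition is flagged before someone has to disable security by hand. The script below is an added example, not part of the original post and not Cisco code; the `show mac-address-table` and `show ip arp` text it parses is constructed to resemble IOS output (it mirrors the post's observation of both a Secure and a Dynamic entry for the same MAC on a port) and is not a capture from a real 891F, so column layout may need adjusting for your platform.

```python
"""Correlate a router's MAC table against its ARP table to spot secured
ports whose host is seen at layer 2 but never resolves at layer 3.

Added example. The sample command output below is CONSTRUCTED to resemble
IOS 'show mac-address-table' and 'show ip arp' and is not captured from a
real 891F; field positions may differ on your platform.
"""
import re

# --- constructed sample output (not real captures) ---------------------
MAC_TABLE = """\
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0011.2233.4401       Secure        1     FastEthernet0
0011.2233.4401       Dynamic       1     FastEthernet0
0011.2233.4402       Secure        1     FastEthernet1
0011.2233.4402       Dynamic       1     FastEthernet1
0011.2233.4403       Secure        1     FastEthernet2
"""

ARP_TABLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.10.1              -   0011.2233.4400  ARPA   Vlan1
Internet  10.10.10.11             2   0011.2233.4401  ARPA   Vlan1
"""

# One MAC-table row: mac, type, vlan, port. Header and dashed lines do not match.
MAC_ROW = re.compile(
    r"^([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\d+)\s+(\S+)\s*$", re.I)
# One ARP row: ip, age (ignored), mac.
ARP_ROW = re.compile(
    r"^Internet\s+(\S+)\s+\S+\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})", re.I)


def parse_mac_table(text):
    """Return a list of (mac, entry_type, vlan, port) tuples from MAC-table output."""
    rows = []
    for line in text.splitlines():
        m = MAC_ROW.match(line.strip())
        if m:
            mac, etype, vlan, port = m.groups()
            rows.append((mac.lower(), etype.lower(), int(vlan), port))
    return rows


def parse_arp_table(text):
    """Return {mac: ip} for every 'Internet' row in 'show ip arp' output."""
    arp = {}
    for line in text.splitlines():
        m = ARP_ROW.match(line.strip())
        if m:
            ip, mac = m.groups()
            arp[mac.lower()] = ip
    return arp


def classify_secure_ports(mac_text, arp_text):
    """For every secured MAC, report one of three states, keyed by (port, mac):
       'ok'         secured MAC is learned dynamically and has an ARP entry
       'l2_no_arp'  MAC is seen at layer 2 on the port but has no ARP entry
                    (the symptom in the post: the host is alive at L2, dead at L3)
       'no_l2'      secured MAC is not currently learned at all (host quiet or down)
    """
    rows = parse_mac_table(mac_text)
    arp = parse_arp_table(arp_text)
    dynamic = {(port, mac) for mac, etype, _vlan, port in rows if etype == "dynamic"}
    result = {}
    for mac, etype, _vlan, port in rows:
        if etype != "secure":
            continue
        if (port, mac) not in dynamic:
            result[(port, mac)] = "no_l2"
        elif mac in arp:
            result[(port, mac)] = "ok"
        else:
            result[(port, mac)] = "l2_no_arp"
    return result


if __name__ == "__main__":
    for (port, mac), state in sorted(classify_secure_ports(MAC_TABLE, ARP_TABLE).items()):
        print(f"{port:<16} {mac}  {state}")
```

Fed real captures from each router (for example via a scheduled SSH job), the `l2_no_arp` state is the one worth alerting on: it distinguishes the condition described above from a host that has simply gone quiet, and gives you a timestamped record of when each port entered that state to line up against any changes on the vendor device.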