Sticky port-security + vPC issues

A server is dual-homed to two FEXs off two Nexus 7Ks. Traffic comes into one 7K and it doesn't have a MAC address table entry for the server's MAC, so it unknown unicast floods that traffic. This generates a lot of unwanted traffic. The MAC address is in one 7K as a static MAC entry; this is presumably due to the port security method setup (sticky). Has anyone else seen this behavior with sticky port-security on a pair of 7Ks set up in vPC mode with each other?

*** Config from one server interface ***

N7K1# sh run int eth121/1/22
!Command: show running-config interface Ethernet121/1/22
!Time: Mon May 20 14:23:06 2013
version 5.2(4)
interface Ethernet121/1/22
  switchport
  switchport access vlan 300
  switchport port-security
  switchport port-security mac-address sticky
  no shutdown

*** MAC address learned on one 7K ***

N7K1# sh mac address-table interface Ethernet121/1/22
Legend:
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link
   VLAN     MAC Address      Type      age     Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
* 300      0022.195a.6d39    static       -       T    T  Eth121/1/22

*** MAC address NOT learned on second 7K ***

N7K2# sh mac address-table address 0022.195a.6d39
Legend:
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link
   VLAN     MAC Address      Type      age     Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
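
To check for the same asymmetry across many ports, the following is an added example and not part of the original post: it parses `show mac address-table` output captured from each vPC peer and lists secure entries present on one switch but absent on the other. The function names are hypothetical, and the row layout is assumed to match the output shown in the post.

```python
import re

# One entry row of NX-OS "show mac address-table" output, e.g.
# "* 300      0022.195a.6d39    static       -       T    T  Eth121/1/22"
# Column layout is an assumption based on the output quoted in the post.
ROW = re.compile(
    r"^\s*(?P<flag>[*+G])?\s*(?P<vlan>\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>\S+)\s+(?P<age>\S+)\s+(?P<secure>[TF])\s+(?P<ntfy>[TF])\s+(?P<port>\S+)",
    re.IGNORECASE,
)

# Sample input: the table header and rows as they appear in the post.
N7K1_OUT = """\
   VLAN     MAC Address      Type      age     Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
* 300      0022.195a.6d39    static       -       T    T  Eth121/1/22
"""
N7K2_OUT = """\
   VLAN     MAC Address      Type      age     Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
"""

def parse_mac_table(text):
    """Return {(vlan, mac): row} for each entry row; legend/header lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            entries[(int(row["vlan"]), row["mac"].lower())] = row
    return entries

def secure_entries_missing_on_peer(local_text, peer_text):
    """List (vlan, mac, port) for secure local entries that have no entry on the peer."""
    local, peer = parse_mac_table(local_text), parse_mac_table(peer_text)
    return sorted(
        (vlan, mac, row["port"])
        for (vlan, mac), row in local.items()
        if row["secure"].upper() == "T" and (vlan, mac) not in peer
    )

if __name__ == "__main__":
    for vlan, mac, port in secure_entries_missing_on_peer(N7K1_OUT, N7K2_OUT):
        print(f"VLAN {vlan} {mac} secured on {port} locally, absent on vPC peer")
```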
