Cisco Catalyst 2960 Switch MAC Flapping

nakata720
Level 1

Hello everyone!

I added port-security to my switch a long time ago, and today I had to migrate a container from node1 to node2. At the moment when I migrated the container I got SecurityViolation - 1 and the port that node2 is on was shut down. The problem I am facing might be MAC flapping, because the migration of the container happens in a short period of time and my switch detects this as a violation.

My port-security : 

nakata720_0-1696849240614.png

Commands which I have used: (after issuing these commands on each port, I shut the particular port and then applied the no shut command)

nakata720_1-1696849264818.png

Node1 is using port 1. As you can see, there are 2 MAC addresses assigned - 1 for the node and 1 for the container. Node2 is using port 2.

Please, can I seek advice from you guys? Is it possible to migrate the container without issues with port-security configured on both ports?

Thank you in advance ! 

 

M02@rt37
VIP

Hello @nakata720,

The MAC address of the container is likely changing during migration, which can trigger a MAC address flapping violation. You can configure port-security to be more lenient during migration by increasing the MAC address violation action. The default action is to shut down the port, but you can change it to restrict or protect mode to allow for temporary violations without port shutdown.

After the migration is complete, you may need to clear the port-security violation on the affected port manually. Use the "clear port-security" command to clear the violation and re-enable the port.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

balaji.bandi
Hall of Fame

Personally, if this is the server and it's a known connected server, I remove port-security from that port.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

nakata720
Level 1

Thank you guys for your replies !

Hello M02@rt37! I have tried assigning restrict violation mode on both ports. As a result I got 72 error counts and I wasn't able to operate with the container properly. I haven't given protect violation mode a try because I am under the impression that the result will be the same.

Hello balaji.bandi! Up to now I am using this option and both nodes can migrate and operate properly. Maybe I will leave it like this for now.

Again thanks!

 

Yes - I have seen this issue on some hardware where I see both ports send the same MAC, so the switch doesn't like it.

Since it's a known device or server, disabling the option fixed the issue for me - that is the suggestion I would go for, to leave it.

Port security use case - where people should not connect any unauthorised devices (if they connect and get more MAC addresses, the port will be shut down)

BB

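An added example, not part of the thread and not Cisco code: a simplified Python model of the port-security check discussed above, where a MAC address already secured on one secure port counts as a violation when it appears on another secure port in the same VLAN. It shows what each violation mode does to the migrated container's frames until the old entry is removed; the port names, MAC addresses and the `migrate` helper are constructed for illustration.

```python
# Simplified model of the port-security secure-address check (added example,
# not Cisco code). Port names and MAC addresses are constructed sample values.
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    name: str
    maximum: int = 2
    mode: str = "shutdown"            # shutdown | restrict | protect
    secure: set = field(default_factory=set)
    violations: int = 0
    err_disabled: bool = False

class Switch:
    def __init__(self, *ports):
        self.ports = {p.name: p for p in ports}

    def frame(self, port_name, src_mac):  # -> 'forward' | 'drop' | 'err-disabled'
        port = self.ports[port_name]
        if port.err_disabled:
            return "err-disabled"
        if src_mac in port.secure:
            return "forward"
        # Violation if the MAC is secured on another secure port, or table is full.
        elsewhere = any(src_mac in p.secure for p in self.ports.values() if p is not port)
        if elsewhere or len(port.secure) >= port.maximum:
            return self._violate(port)
        port.secure.add(src_mac)      # dynamic learning
        return "forward"

    def _violate(self, port):
        if port.mode == "protect":    # silent drop, counter untouched
            return "drop"
        port.violations += 1          # restrict and shutdown both count
        if port.mode == "shutdown":
            port.err_disabled = True
            return "err-disabled"
        return "drop"

    def clear_secure(self, port_name, mac):  # models removing one secure address
        self.ports[port_name].secure.discard(mac)

def migrate(mode):  # container MAC moves from port 1 to port 2
    node1, node2, ct = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:aa"
    sw = Switch(SecurePort("Fa0/1", mode=mode), SecurePort("Fa0/2", mode=mode))
    for port, mac in (("Fa0/1", node1), ("Fa0/1", ct), ("Fa0/2", node2)):
        sw.frame(port, mac)
    before = [sw.frame("Fa0/2", ct) for _ in range(3)]   # container now behind node2
    sw.clear_secure("Fa0/1", ct)                          # stale entry removed
    return before, sw.frame("Fa0/2", ct), sw.ports["Fa0/2"].violations
```
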