10-09-2023 04:06 AM
Hello everyone!
I added port-security to my switch a long time ago, and today I had to migrate a container from node1 to node2. At the moment when I migrated the container I got SecurityViolation - 1 and the port on which node2 is connected was shut down. The problem I am facing might be MAC flapping, because the migration of the container happens in a short period of time and my switch is detecting this as a violation.
My port-security :
Commands which I have used : (After issuing these commands on each port I shut the particular port and then apply no shut command)
Node1 is using port 1; as you can see, there are 2 MAC addresses assigned - 1 for the node and 1 for the container. Node2 is using port 2.
Please can I seek advice from you guys? Is it possible to migrate the container without issue with port-security configured on both ports?
Thank you in advance!
10-09-2023 04:15 AM - edited 10-09-2023 04:15 AM
Hello @nakata720,
The MAC address of the container is likely changing during migration, which can trigger a MAC address flapping violation. You can configure port-security to be more lenient during migration by increasing the MAC address violation action. The default action is to shut down the port, but you can change it to restrict or protect mode to allow for temporary violations without port shutdown.
After the migration is complete, you may need to clear the port-security violation on the affected port manually. Use the "clear port-security" command to clear the violation and re-enable the port.
10-09-2023 04:16 AM
Personally, if this is the server and it's a known connected server, I remove port-security from that port.
10-09-2023 04:36 AM
Thank you guys for your replies!
Hello M02@rt37! I have tried assigning restrict violation mode on both ports. As a result I got 72 error counts and I wasn't able to operate with the container properly. I haven't given protect violation mode a try because I am under the impression that the result will be the same.
Hello balaji.bandi! Up to now I am using this option and both nodes can migrate and operate properly. Maybe I will leave it like this for now.
Again thanks!
10-09-2023 04:40 AM
Yes - I have seen this issue on some hardware where I see both the ports send the same MAC, so the switch doesn't like it.
Since it's a known device or servers, disabling the option fixed the issue for me - that is the suggestion I would go for, to leave it.
Port security use case - where people should not connect any unauthorised devices (if they connect and the port gets more MAC addresses, the port will be shut down).
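Added illustration, not part of any post in this thread: a simplified Python model of port-security violation handling, showing why a MAC still held as a secure address on node1's port is rejected on node2's port in shutdown, restrict and protect modes alike. It assumes the container keeps its MAC across the migration and that the old port still holds the entry; the MAC addresses, port names and frame count are constructed.

```python
# Simplified model of per-port MAC security on a switch (constructed illustration).
class SecurePort:
    def __init__(self, maximum, violation):
        self.maximum, self.violation = maximum, violation
        self.secure_macs, self.violations, self.err_disabled = set(), 0, False

def receive(ports, name, mac):
    """Process one frame with source `mac` on port `name`; True if forwarded."""
    port = ports[name]
    if port.err_disabled:
        return False
    if mac in port.secure_macs:
        return True
    held_elsewhere = any(mac in p.secure_macs for n, p in ports.items() if n != name)
    if not held_elsewhere and len(port.secure_macs) < port.maximum:
        port.secure_macs.add(mac)          # learn as a new secure address
        return True
    # Violation: table full, or the address is secured on another secure port.
    if port.violation == "protect":        # drop silently, no counter
        return False
    port.violations += 1                   # restrict and shutdown both count it
    if port.violation == "shutdown":
        port.err_disabled = True           # port goes err-disabled
    return False

def migrate(violation, frames=72, clear_old_entry=False):
    """Move the container from port1 (node1) to port2 (node2) and send frames."""
    # Constructed sample addresses, not taken from the thread.
    NODE1, NODE2, CONTAINER = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:c1"
    ports = {"port1": SecurePort(2, violation), "port2": SecurePort(2, violation)}
    for name, mac in [("port1", NODE1), ("port1", CONTAINER), ("port2", NODE2)]:
        receive(ports, name, mac)
    if clear_old_entry:                    # assumption: entry on port1 removed before the move
        ports["port1"].secure_macs.discard(CONTAINER)
    forwarded = sum(receive(ports, "port2", CONTAINER) for _ in range(frames))
    p2 = ports["port2"]
    return {"forwarded": forwarded, "violations": p2.violations, "err_disabled": p2.err_disabled}

if __name__ == "__main__":
    for mode in ("shutdown", "restrict", "protect"):
        print(mode, migrate(mode))
    print("restrict, old entry cleared", migrate("restrict", clear_old_entry=True))
```

In this model the container's traffic is only forwarded on port 2 once port 1 no longer holds its MAC as a secure address; changing the violation mode alone changes what is counted and whether the port is disabled, not whether the frames pass.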