mac-address issue and port-security

campbell-john
Level 1

Hi,

We currently have about 60 C3560 switches and about 300 desktop machines that have port-security applied to them.

For a few weeks now we have been experiencing random port lockouts due to a rogue mac-address and for the life of us we can't figure out where it is coming from.

The desktops are all DELL but are different models, running Windows 7 on a domain as with the other 300 machines.

It's always the same mac address regardless of the machine.  It's also affecting machines on different physical locations and switches.

The mac address is always 4000.0100.0000

Can anyone advise on how to track this one down? - Checks of the machines don't turn anything up so we're stumped.  It's also random and intermittent.

All switches are running the latest IOS

I have also found that if I set the port limit to two and put on sticky it still locks out.

Accepted Solutions

Reza Sharifi
Hall of Fame

Hi,

For testing, can you try blocking the mac address on one of the switches?

mac address-table static 4000.0100.0000 vlan x drop

HTH

Thanks, I will try that and report back.  Does this then apply before port security so a port should now no longer lock out?

If a match takes place does it get logged anywhere?

You should be able to see it in the logs on the switch itself or a syslog server if you are logging to a host.

Does this then apply before port security so a port should now no longer lock out?

I don't have a device to test with but I think it should block it before port security. If it is after port security then it will not help you with this issue.

HTH

I will give it a go and see.  I have a feeling that port-security will lock out the port before the filter takes effect.  As it's intermittent it might be some time before I can report back.  Fingers crossed this stops it.

Hi friend, your issue and mine are the same.

If you solved this issue, please share with me.

Thanks so much

Hi,

We've run with this for a while now and so far it seems to have worked.

Just enter

mac address-table static xxxx.xxxx.xxxx vlan xx drop
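
An added example, not part of the original thread: a script that scans collected syslog output for port-security violations caused by one MAC address and groups them by switch, port and hour of day, which helps narrow down an intermittent source seen across many switches. The hostnames, ports, timestamps and the syslog line prefix are constructed assumptions; adjust the regex to match your syslog server's format.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (hosts, ports and times are made up). The message
# body follows the IOS %PORT_SECURITY-2-PSECURE_VIOLATION wording.
SAMPLE_LOG = """\
Mar  3 08:14:02 sw-floor1 112: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 4000.0100.0000 on port FastEthernet0/7.
Mar  3 08:14:02 sw-floor1 113: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/7, putting Fa0/7 in err-disable state
Mar  3 11:40:51 sw-floor3 87: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 4000.0100.0000 on port FastEthernet0/22.
Mar  4 08:13:47 sw-floor1 140: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 4000.0100.0000 on port FastEthernet0/7.
Mar  4 09:02:10 sw-floor2 55: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port FastEthernet0/3.
"""

# Assumed prefix: "<Mon> <day> <hh:mm:ss> <host> <seq>: %FACILITY-..."
VIOLATION = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s.*"
    r"%PORT_SECURITY-2-PSECURE_VIOLATION:.*?MAC address\s+"
    r"(?P<mac>[0-9A-Fa-f.:-]+?)\s+on port\s+(?P<port>\S+?)\.?\s*$"
)

def normalize_mac(mac):
    """Return 12 lowercase hex digits, or None if the input is not a MAC."""
    digits = re.sub(r"[.:-]", "", mac).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def violations_for(log_text, mac):
    """Map (switch, port) -> timestamps where `mac` tripped port security."""
    wanted = normalize_mac(mac)
    if wanted is None:
        raise ValueError(f"not a MAC address: {mac!r}")
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = VIOLATION.match(line)
        if m and normalize_mac(m["mac"]) == wanted:
            hits[(m["host"], m["port"])].append(" ".join(m["ts"].split()))
    return dict(hits)

def hour_histogram(hits):
    """Count violations per hour of day to expose a time pattern."""
    return dict(Counter(ts.split()[2][:2] for tss in hits.values() for ts in tss))

if __name__ == "__main__":
    found = violations_for(SAMPLE_LOG, "4000.0100.0000")
    for (host, port), stamps in sorted(found.items()):
        print(f"{host} {port}: {len(stamps)} violation(s) at {', '.join(stamps)}")
    print("by hour:", hour_histogram(found))
```
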

 

 
