01-19-2022 04:26 AM
Hi all,
We have two N9Ks connected by a trunk port.
Customer_A: connect to N9K_A
Customer_B: connect to N9K_B
There is port security on those two ports.
### N9K_A
interface port-channel39
description for "Cusomter_A"
switchport
switchport access vlan 55
spanning-tree port type edge
spanning-tree bpduguard enable
spanning-tree guard root
switchport port-security violation restrict
switchport port-security
switchport port-security mac-address aaaa.bbbb.cccc
### N9K_B
interface Ethernet6/10
description "Customer_B"
switchport
switchport access vlan 55
switchport port-security violation restrict
switchport port-security
switchport port-security mac-address cccc.bbbb.aaaa
no shutdown
################################################################
1. if_index = 1a300800 => N9K_B int Eth6/10
2. There is no connection between Customer_A and Customer_B
3. Customer_A & Customer_B are using L3 Port to connect to N9K
4. The log is as below
#####
[mm/dd/yyyy 10:10:25.933181]: post_psec_del_macs(2606):DYNAMIC or DOT1X MAC
[mm/dd/yyyy 10:10:25.933177]: post_psec_del_macs(2602):mac_type = 64, entry->mac_type = 64, cfs_flush = 0, disable_port_sec = 0, skip = 0
[mm/dd/yyyy 10:10:25.933172]: post_psec_del_macs(2536):psec_enable_disable_mac_entry->clear_mac 0
[mm/dd/yyyy 10:10:25.933168]: post_psec_del_macs(2535):mac_type 64
[mm/dd/yyyy 10:10:25.933164]: post_psec_del_macs(2534):psec_enable_disable_mac_entry->disable_port_sec 0
[mm/dd/yyyy 10:10:25.933160]: delete_timer_info(5591): Deleted Timer node
[mm/dd/yyyy 10:10:25.933154]: psec_timer_destroy:(92)
[mm/dd/yyyy 10:10:25.933148]: Inside delete_timer_info(5561):
[mm/dd/yyyy 10:10:25.933056]: post_psec_del_macs(2366): get_mac_type FAILED
[mm/dd/yyyy 10:10:25.933042]: post_psec_del_macs(2363): BLOCKED _mac_type
[mm/dd/yyyy 10:10:25.933011]: Inside get_mac_type:(2157)
[mm/dd/yyyy 10:10:25.933006]: post_psec_del_macs(2356): if_index = 1a300800, vlan_id = 55 mac_address = aaaa.bbbb.cccc
[mm/dd/yyyy 10:10:25.932992]: psec_get_mcec_switch_role(7111): VPC role is 0
[mm/dd/yyyy 10:10:25.932987]: post_psec_del_macs(2322): msg_type = 1, if_index = 0, status = 0, num_msg = 1
[mm/dd/yyyy 10:10:25.932968]: Inside post_psec_del_macs(2262)
[mm/dd/yyyy 10:10:25.932960]: psec_timer_destroy:(92)
[mm/dd/yyyy 10:10:25.932956]: psec_timer_stop:(42)
[mm/dd/yyyy 10:10:25.932947]: Find pending mts request to hash table, opcode MTS_OPC_L2FM_STATIC_L2FT_ENTRY_DELETE, msg_id (566584604) rr_token 0x21c55a5a
[mm/dd/yyyy 10:10:25.37725]: psec_pss_read_config(504): Successfully read config interface information from cache
[mm/dd/yyyy 10:10:25.37720]: Inside: psec_pss_read_config(476)
[mm/dd/yyyy 10:10:25.37713]: eth_port_sec_polling_timer_event_action(400):if_index 0x1a300800, vlan_id 33, mac aaaa.bbbb.cccc
[mm/dd/yyyy 10:10:25.37705]: eth_port_sec_polling_timer_event(462):
[mm/dd/yyyy 10:10:25.37701]: psec_timer_msg_handler: for type 2
[mm/dd/yyyy 10:10:25.37693]: eth_port_sec_get_data_from_queue(2011): dequeued timer msg
[mm/dd/yyyy 10:10:25.37688]: eth_port_sec_get_data_from_queue(2009):
[mm/dd/yyyy 10:10:18.511914]: set_block_entry_flag(2142):Setting the L2FM_REQ_SENT flage for mac :aaaa.bbbb.cccc
[mm/dd/yyyy 10:10:18.511908]: set_block_entry_flag(2126): if_index:1a300800 vlan_id:33 mac :aaaa.bbbb.cccc
[mm/dd/yyyy 10:10:18.511899]: eth_port_sec_add_mts_req_to_pending_htbl(194): Before calling pending_hashtable_insert rr_token = 21c55a5a
[mm/dd/yyyy 10:10:18.511894]: psec_timer_start: delay 10
[mm/dd/yyyy 10:10:18.511861]: Adding pending mts request to hash table, rr_token 0x21c55a5a
[mm/dd/yyyy 10:10:18.511849]: psec_mark_mac_sent_for_deletion(1620):mac type not dynamic. returning.
[mm/dd/yyyy 10:10:18.511841]: Inside psec_mark_mac_sent_for_deletion(1584) for:port Ethernet6/10, MAC aaaa.bbbb.cccc, Vlan 55
[mm/dd/yyyy 10:10:18.511826]: port_sec_static_mac_addr_ins_del(213): Successfully sent to L2FM
[mm/dd/yyyy 10:10:18.511787]: port_sec_static_mac_addr_ins_del(200): if_index = 1a300800, vlan_id = 55, mac_address = aaaa.bbbb.cccc flag = 0
[mm/dd/yyyy 10:10:18.511781]: Inside port_sec_static_mac_addr_ins_del(175): Request to DELETE MAC
[mm/dd/yyyy 10:10:18.511773]: port_sec_static_mac_addr_ins_del(155):first vlan id :33
[mm/dd/yyyy 10:10:18.511769]: port_sec_static_mac_addr_ins_del(154):entries :1
[mm/dd/yyyy 10:10:18.511642]: psec_send_del_dyn_mac_entry(92): if_index = 0x1a300800, vlan_id = 55, mac_address = aaaa.bbbb.cccc, sync 0, mac_type 64, flag 0x0
[mm/dd/yyyy 10:10:18.511611]: Inside: psec_pss_read(411) type 1
[mm/dd/yyyy 10:10:18.511606]: Inside: psec_pss_read_config(476)
[mm/dd/yyyy 10:10:18.511600]: eth_port_sec_abs_inact_timer_event(220): if_index = 1a300800, vlan_id = 55, mac_address = aaaa.bbbb.cccc
[mm/dd/yyyy 10:10:18.511592]: psec_timer_msg_handler: for type 1
[mm/dd/yyyy 10:10:18.511584]: eth_port_sec_get_data_from_queue(2011): dequeued timer msg
[mm/dd/yyyy 10:10:18.511579]: eth_port_sec_get_data_from_queue(2009):
[mm/dd/yyyy 10:09:25.4385]: eth_port_sec_polling_timer_event_action(400):if_index 0x1a300800, vlan_id 33, mac aaaa.bbbb.cccc
[mm/dd/yyyy 10:09:25.4378]: eth_port_sec_polling_timer_event(462):
[mm/dd/yyyy 10:09:25.4374]: psec_timer_msg_handler: for type 2
[mm/dd/yyyy 10:09:25.4366]: eth_port_sec_get_data_from_queue(2011): dequeued timer msg
[mm/dd/yyyy 10:09:25.4361]: eth_port_sec_get_data_from_queue(2009):
[mm/dd/yyyy 10:08:24.944392]: eth_port_sec_polling_timer_event_action(400):if_index 0x1a300800, vlan_id 33, mac aaaa.bbbb.cccc
[mm/dd/yyyy 10:08:24.944385]: eth_port_sec_polling_timer_event(462):
[mm/dd/yyyy 10:08:24.944381]: psec_timer_msg_handler: for type 2
[mm/dd/yyyy 10:08:24.944373]: eth_port_sec_get_data_from_queue(2011): dequeued timer msg
[mm/dd/yyyy 10:08:24.944367]: eth_port_sec_get_data_from_queue(2009):
[mm/dd/yyyy 10:07:24.884396]: eth_port_sec_polling_timer_event_action(400):if_index 0x1a300800, vlan_id 33, mac aaaa.bbbb.cccc
[mm/dd/yyyy 10:07:24.884389]: eth_port_sec_polling_timer_event(462):
[mm/dd/yyyy 10:07:24.884384]: psec_timer_msg_handler: for type 2
[mm/dd/yyyy 10:07:24.884377]: eth_port_sec_get_data_from_queue(2011): dequeued timer msg
[mm/dd/yyyy 10:07:24.884371]: eth_port_sec_get_data_from_queue(2009):
[mm/dd/yyyy 10:06:24.824408]: eth_port_sec_polling_timer_event_action(400):if_index 0x1a300800, vlan_id 33, mac aaaa.bbbb.cccc
[mm/dd/yyyy 10:06:24.824401]: eth_port_sec_polling_timer_event(462):
[mm/dd/yyyy 10:06:24.824397]: psec_timer_msg_handler: for type 2
[mm/dd/yyyy 10:06:24.824388]: eth_port_sec_get_data_from_queue(2011): dequeued timer msg
[mm/dd/yyyy 10:06:24.824383]: eth_port_sec_get_data_from_queue(2009):
[mm/dd/yyyy 10:05:24.764985]: eth_port_sec_polling_timer_event_action(400):if_index 0x1a300800, vlan_id 33, mac aaaa.bbbb.cccc
[mm/dd/yyyy 10:05:24.764978]: eth_port_sec_polling_timer_event(462):
[mm/dd/yyyy 10:05:24.764973]: psec_timer_msg_handler: for type 2
[mm/dd/yyyy 10:05:24.764966]: eth_port_sec_get_data_from_queue(2011): dequeued timer msg
[mm/dd/yyyy 10:05:24.764960]: eth_port_sec_get_data_from_queue(2009):
[mm/dd/yyyy 10:05:18.331869]: Exiting update_mac_addr_hash_table(368)
[mm/dd/yyyy 10:05:18.331860]: update_mac_addr_hash_table(298): if_index = 1a300800, vlan_id = 55, mac_addr = aaaa.bbbb.cccc remaining_age = 5, remotely_learnt = 0, remotely_aged_out = 0 flag = 41 MACg柿#01/
[mm/dd/yyyy 10:05:18.331813]: Inside: psec_pss_save_config(207)
[mm/dd/yyyy 10:05:18.331807]: create_new_dyn_timer(7018): Successfully created timer for MAC: if_index = 1a300800, vlan_id = 55, mac_addr = aaaa.bbbb.cccc, timer_type = 1
[mm/dd/yyyy 10:05:18.331799]: psec_timer_start: delay 5
[mm/dd/yyyy 10:05:18.331790]: psec_timer_init: timer_type 1
[mm/dd/yyyy 10:05:18.331784]: Inside create_new_dyn_timer(6942):
[mm/dd/yyyy 10:05:18.331780]: create_blocked_mac_entry(9868): Before calling create_new_dyn_timer
[mm/dd/yyyy 10:05:18.331776]: Inside create_blocked_mac_entry(9865)
[mm/dd/yyyy 10:05:18.331725]: eth_port_sec_update_intf(387):Updating run time info 0x1a300800
[mm/dd/yyyy 10:05:18.331720]: Inside: psec_pss_save_config(207)
[mm/dd/yyyy 10:05:18.331716]: psec_config_dyn_mac(6879): Saving Trap count 3
[mm/dd/yyyy 10:05:18.331652]: psec_pss_save_viol_reason(1413):Saving violation reason on Vlan 55
[mm/dd/yyyy 10:05:18.331550]: send_secure_mac_addr_violation(16018):Sending secure mac addr violation Traps....
[mm/dd/yyyy 10:05:18.331544]: psec_trigger_violation(6124): Triggering RESTRICT action
[mm/dd/yyyy 10:05:18.331514]: psec_pss_read_config(490): Successfully read runtime interface information from cache
[mm/dd/yyyy 10:05:18.331510]: Inside: psec_pss_read_config(476)
[mm/dd/yyyy 10:05:18.331506]: psec_get_mcec_switch_role(7111): VPC role is 0
[mm/dd/yyyy 10:05:18.331502]: psec_pss_read_config(504): Successfully read config interface information from cache
[mm/dd/yyyy 10:05:18.331497]: Inside: psec_pss_read_config(476)
[mm/dd/yyyy 10:05:18.331455]: Inside psec_trigger_violation(5995)
[mm/dd/yyyy 10:05:18.331448]: psec_config_dyn_mac(6728):Triggering violation...
[mm/dd/yyyy 10:05:18.331426]: psec_config_dyn_mac(6724): retval = SUCCESS status =SUCCESS rc = SUCCESS dot1x_secured = 1
[mm/dd/yyyy 10:05:18.331403]: is_dot1x_intf_enabled(704): Error reading dot1x db shared pss not opened
[mm/dd/yyyy 10:05:18.331382]: is_dot1x_intf_enabled(699): Error initializing dot1x sdb no such sdb exists or is destroyed... Ignoring
[mm/dd/yyyy 10:05:18.331313]: Vlan ID= 33
[mm/dd/yyyy 10:05:18.331299]: ps_get_vlan_id(787):Access Port
[mm/dd/yyyy 10:05:18.331294]: Inside ps_get_vlan_id:(773)
[mm/dd/yyyy 10:05:18.331227]: psec_config_dyn_mac(6607): status = Unable to secure MAC address
[mm/dd/yyyy 10:05:18.331212]: check_conf_max_reached(4276): max addrs = 1, num_secured_addrs = 1
[mm/dd/yyyy 10:05:18.331207]: check_conf_max_reached(4260): if_index = 1a300800, vlan_id = 55, num_sec_addrs = 1
[mm/dd/yyyy 10:05:18.331203]: psec_get_mac_entries(1229):Number of entries :1
[mm/dd/yyyy 10:05:18.331064]: get_current_addrs_count(4733):Inside
[mm/dd/yyyy 10:05:18.331059]: Inside check_conf_max_reached(4253)
[mm/dd/yyyy 10:05:18.331055]: psec_get_mcec_switch_role(7111): VPC role is 0
[mm/dd/yyyy 10:05:18.331050]: check_secured_macs:(7094) No MAC addresses secured
[mm/dd/yyyy 10:05:18.331046]: Inside check_secured_macs:(7069)
[mm/dd/yyyy 10:05:18.331042]: psec_pss_read_config(504): Successfully read config interface information from cache
[mm/dd/yyyy 10:05:18.331038]: Inside: psec_pss_read_config(476)
[mm/dd/yyyy 10:05:18.331034]: get_port_sec_operational_state(7207): Port security is enabled
[mm/dd/yyyy 10:05:18.331030]: psec_pss_read_config(490): Successfully read runtime interface information from cache
[mm/dd/yyyy 10:05:18.331025]: Inside: psec_pss_read_config(476)
[mm/dd/yyyy 10:05:18.331007]: psec_pss_read_config(504): Successfully read config interface information from cache
[mm/dd/yyyy 10:05:18.331003]: Inside: psec_pss_read_config(476)
[mm/dd/yyyy 10:05:18.330999]: Inside check_port_sec_enabled(603):
[mm/dd/yyyy 10:05:18.330963]: psec_pss_read_config(490): Successfully read runtime interface information from cache
[mm/dd/yyyy 10:05:18.330957]: Inside: psec_pss_read_config(476)
[mm/dd/yyyy 10:05:18.330952]: get_mac_flag:(2194) No MAC addresses secured
[mm/dd/yyyy 10:05:18.330918]: psec_config_dyn_mac(6373) Received mac_address: aaaa.bbbb.cccc, on if_index = 1a300800, vlan_id = 55
[mm/dd/yyyy 10:05:18.330904]: psec_new_mac_validate(607): if_index = 1a300800, vlan_id = 55
[mm/dd/yyyy 10:05:18.330898]: psec_new_mac_validate(598):
[mm/dd/yyyy 10:04:24.731073]: eth_port_sec_polling_timer_event(462):
#####
We have no idea what causes the MAC move issue.
Please give us some suggestions.
Thanks.
Best regards,
James
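An added example (not part of the original posts and not Cisco tooling): a small Python parser for port-security debug output in the format posted above. It separates entries that were fused onto one line, pairs each violation action with the `Received mac_address` entry logged before it, and lists every VLAN ID logged against the same interface and MAC. The function names and the sample excerpt are constructed for illustration; the field formats are taken from the log lines in the post.

```python
import re

# Field formats follow the debug lines in the post; function names and the
# sample excerpt are constructed for this example.
STAMP = re.compile(r"\[\S+ (\d{2}:\d{2}:\d{2}\.\d+)\]:\s*")
IFX = re.compile(r"if_index\s*[=:]?\s*(?:0x)?([0-9a-f]+)")
VLAN = re.compile(r"vlan_id\s*[=:]?\s*(\d+)")
MAC = re.compile(r"\b(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}\b")
ACTION = re.compile(r"Triggering (\w+) action")

def split_entries(text):
    """Return (time, message) pairs; entries fused on one line are separated."""
    marks = list(STAMP.finditer(text))
    ends = [m.start() for m in marks[1:]] + [len(text)]
    return [(m.group(1), text[m.end():e].strip()) for m, e in zip(marks, ends)]

def keys(msg):
    """Return (if_index, vlan, mac) when a message carries all three, else None."""
    ifx, vlan, mac = IFX.search(msg), VLAN.search(msg), MAC.search(msg)
    return (ifx[1], int(vlan[1]), mac[0]) if ifx and vlan and mac else None

def violations(text):
    """Pair each violation action with the received frame logged before it."""
    found, last_rx = [], None
    for when, msg in reversed(split_entries(text)):  # the dump is newest-first
        if "Received mac_address" in msg:
            last_rx = keys(msg)
        action = ACTION.search(msg)
        if action and last_rx:
            found.append((when, action.group(1)) + last_rx)
            last_rx = None
    return found

def vlans_seen(text):
    """Map (if_index, mac) to the set of VLAN IDs logged with that pair."""
    seen = {}
    for _, msg in split_entries(text):
        k = keys(msg)
        if k:
            seen.setdefault((k[0], k[2]), set()).add(k[1])
    return seen

SAMPLE = """\
[mm/dd/yyyy 10:10:25.37713]: eth_port_sec_polling_timer_event_action(400):if_index 0x1a300800, vlan_id 33, mac aaaa.bbbb.cccc
[mm/dd/yyyy 10:10:25.37701]: psec_timer_msg_handler: for type 2[mm/dd/yyyy 10:10:25.37693]: eth_port_sec_get_data_from_queue(2011): dequeued timer msg
[mm/dd/yyyy 10:05:18.331544]: psec_trigger_violation(6124): Triggering RESTRICT action
[mm/dd/yyyy 10:05:18.330918]: psec_config_dyn_mac(6373) Received mac_address: aaaa.bbbb.cccc, on if_index = 1a300800, vlan_id = 55
"""
```

Running `violations()` and `vlans_seen()` over a full dump gives one row per violation and shows at a glance whether a single interface and MAC pair is being logged under more than one VLAN ID.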
01-19-2022 04:51 AM
Hi
Don't follow you:
"3. Customer_A & Customer_B are using L3 Port to connect to N9K"
### N9K_A
interface port-channel39
description for "Cusomter_A"
switchport
switchport access vlan 55
spanning-tree port type edge
spanning-tree bpduguard enable
spanning-tree guard root
switchport port-security violation restrict
switchport port-security
switchport port-security mac-address aaaa.bbbb.cccc
### N9K_B
interface Ethernet6/10
description "Customer_B"
switchport
switchport access vlan 55
switchport port-security violation restrict
switchport port-security
switchport port-security mac-address cccc.bbbb.aaaa
no shutdown
It seems like an L2 port to me.
Which device is Customer A and B?
01-19-2022 05:00 AM
Hi Flavio,
Thanks for the reply.
Those two ports belong to our N9K, not the customers.
Customer_A(L3 Port) ---(Po39) N9K_A === N9K_B(Eth6/10) --- Customer_B
MAC:aaaa.bbbb.cccc                                         MAC:cccc.bbbb.aaaa
Both ports, N9K_A(Po39) and N9K_B(Eth6/10), have port security.
We don't know why we can see the "MAC move" on N9K_B, and why MAC aaaa.bbbb.cccc moves on N9K_B(Eth6/10)?
Thanks.
BR,
James