03-14-2011 08:50 AM - edited 03-06-2019 04:04 PM
Currently we have deployed Windows 7, with sleep mode enabled after x amount of inactivity. We also utilize port-security; when a computer goes to sleep and is awakened, it generates a 0000.0000.0000 MAC address and port security disables the port.
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.0000.0000 on port FastEthernet3/4
We changed the port violation to restrict for troubleshooting. Once the system is awake and at full power, everything works fine.
03-14-2011 11:12 AM
Hi,
Can you sniff the NIC to see what type of traffic has this source MAC address?
Post your port-security config also.
Regards.
Alain.
03-14-2011 11:27 AM
We think it’s a Win 7 issue, systems are being upgraded from Vista to 7 and that generic NIC drivers are being used. The puzzling part is this one happens on 4506 switches with the 0 MAC address.
11-30-2011 12:00 PM
William,
Did you ever find a resolution for this?
We have found that when some of our Windows 7 PCs go to sleep, within a few seconds, they cause the port to be shut down with the invalid MAC address of all zeros. Unlike you, we have found this is shut down at sleep, not at awakening. Can you clarify at which step in the sleep cycle you experience this, at sleep beginning, or at awakening?
11-30-2011 01:01 PM
At a previous employer, we had so many problems with this that a Group Policy object was created in Active Directory to disable power management on both wired and wireless network connections. I have yet to see a place where power management worked right or at all.
Ron
07-26-2012 05:05 AM
On one computer where I tested around for a few days with that issue, I found out that it is not the "power save" that is the cause but the Wake-On-LAN feature. Then I disabled WOL in the network adapter settings and the port security violation messages disappeared. This happens not only on 4506 but at least on all 4500 switches.
If you disable port security, then you get messages like this:
%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 43199 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Gi1/1 in vlan 1
My test computer is an FSC Celsius W350; now I will check this with some Dell machines which are causing similar issues.
Michael
07-26-2012 11:31 AM
Thanks for waking this topic up.
Our resolution, which seems to have worked in all tried circumstances, is the following:
All of our offenders were Dell PCs with Broadcom NICs. Updating the Dell PCs with NIC drivers from Dell did NOT resolve the matter. Updating the PCs with the latest NIC drivers from Broadcom did resolve the matter. The system can go to sleep, and apparently not send out frames with all zeros as a source MAC address. No more port security or IP source guard violations or flood logs as a result of sleep.
Hope this helps others.
07-26-2012 02:30 PM
Good point! The Celsius W350 also has a Broadcom NIC onboard. I will try with the latest non-Fujitsu driver to check if it works and give you an update!
10-22-2012 03:30 AM
Hi
Can't you use the following access-list to block source MACs with 0000.0000.0000 to any destination?
mac access-list extended AllZeroMacs
deny host 0000.0000.0000 any
permit any any
Then you apply it on a per interface basis on the incoming direction on the port?
We are currently having a similar experience. At the moment I'm trying to prevent the port from going into an err-disabled state while we look for a solution; we have not tried the access list yet.
Message was edited by: Donovan Esterhuizen
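Added example, not part of any post in this thread: a small Python script that scans switch syslog for the two message types quoted above and lists the ports that received frames with an all-zero source MAC, so the attached PCs can be checked for the NIC driver and Wake-On-LAN settings discussed. The timestamps, hostname, the non-zero MAC, port FastEthernet3/7 and the function names are constructed; counting one frame per logged message plus its suppressed count is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the two message formats quoted in the thread.
SAMPLE_LOG = """\
Jul 26 05:01:10 sw1 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.0000.0000 on port FastEthernet3/4
Jul 26 05:01:40 sw1 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port FastEthernet3/7
Jul 26 05:02:11 sw1 %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 43199 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Gi1/1 in vlan 1
Jul 26 05:09:02 sw1 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.0000.0000 on port FastEthernet3/4
"""

PSECURE = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION:.*?MAC address (\S+) on port (\S+)")
# The "(Suppressed N times)" prefix is treated as optional (assumption).
INVALID_SRC = re.compile(
    r"%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET:\s*(?:\(Suppressed (\d+) times\))?"
    r".*?source MAC address \((\S+?)\) on port (\S+)")

def is_zero_mac(mac):
    """True for an all-zero MAC in dotted, colon or dash notation."""
    digits = re.sub(r"[.:\-]", "", mac)
    return len(digits) == 12 and set(digits) == {"0"}

def zero_mac_ports(log_text):
    """Return {port: {"violations": n, "frames": n}} for all-zero source MACs."""
    ports = defaultdict(lambda: {"violations": 0, "frames": 0})
    for line in log_text.splitlines():
        m = PSECURE.search(line)
        if m:
            if is_zero_mac(m.group(1)):
                ports[m.group(2)]["violations"] += 1
            continue
        m = INVALID_SRC.search(line)
        if m and is_zero_mac(m.group(2)):
            # One logged message plus the count the switch reports as suppressed.
            ports[m.group(3)]["frames"] += 1 + int(m.group(1) or 0)
    return dict(ports)

if __name__ == "__main__":
    for port, c in sorted(zero_mac_ports(SAMPLE_LOG).items()):
        print(f"{port}: {c['violations']} port-security violations, "
              f"{c['frames']} zero-MAC frames")
```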