
Port-Security Issue Win 7

William Ryan
Level 1

Currently we have deployed Windows 7, with sleep mode enabled after x amount of inactivity. We also utilize port-security; when a computer goes to sleep and is awakened, it generates a 0000.0000.0000 MAC address and port security disables the port.

%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.0000.0000 on port FastEthernet3/4

We changed the port violation to restrict for troubleshooting. Once the system is awake and at full power, everything works fine.


cadet alain
VIP Alumni

Hi,

Can you sniff the NIC to see what type of traffic has this source MAC address?

Post your port-security config also.

Regards.

Alain.

Don't forget to rate helpful posts.

We think it’s a Win 7 issue; systems are being upgraded from Vista to 7 and generic NIC drivers are being used. The puzzling part is this one happens on 4506 switches with the 0 MAC address.

William,

Did you ever find a resolution for this?

We have found that when some of our Windows 7 PCs go to sleep, within a few seconds, they cause the port to be shut down with the invalid MAC address of all zeros. Unlike you, we have found this is shut down at sleep, not at awakening. Can you clarify at which step in the sleep cycle you experience this: at sleep beginning, or at awakening?

At a previous employer, we had so much problem with this that a Group Policy object was created in Active Directory to disable power management on both wired and wireless network connections.  I have yet to see a place where power management worked right or at all.

Ron

Mischiman
Level 1

On one computer, where I tested for a few days with that issue, I found out that it is not the "power save" that is the cause but the Wake-On-LAN feature. Then I disabled the WOL in the network adapter settings and the port security violation messages disappeared. This happens not only on 4506 but at least on all 4500 switches.

If you disable port security then you get messages such as:

%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 43199 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Gi1/1 in vlan 1

My test computer is an FSC Celsius W350; now I will check this with some DELLs which are causing similar issues.

Michael

Thanks for waking this topic up.

Our resolution, which seems to have worked in all tried circumstances, is the following:

All of our offenders were Dell PCs with Broadcom NICs. Updating the Dell PCs with NIC drivers from Dell did NOT resolve the matter. Updating the PCs with the latest NIC drivers from Broadcom did resolve the matter. The system can go to sleep, and apparently not send out frames with all zeros as a source MAC address. No more port security or IP source guard violations or flood logs as a result of sleep.

Hope this helps others.

Good point! The Celsius W350 also has a Broadcom NIC onboard. I will try with the latest non-Fujitsu driver to check if it works and give you an update!

Hi

Can't you use the following access-list to block source MACs with 0000.0000.0000 to any destination?

mac access-list extended AllZeroMacs

deny   host 0000.0000.0000 any

permit any any

Then you apply it on a per interface basis on the incoming direction on the port?

We are currently having a similar experience. At the moment I'm trying to prevent the port from going into an err-disabled state while we look for a solution; we have not tried the access list yet.

Message was edited by: Donovan Esterhuizen
