Hello all!
We had 3 ports in our LAN connected to a simple 2960 that had port security enabled, allowing just 2 MAC addresses on each port. As soon as we connected one of them, everything was good; once we connected any other of those three, that port went into the err-disable state, stating that the port security violation was caused by MAC address AAAA.BBBB.CCCC.
The end stations were running a single virtual machine alongside their physical machine, and we had allowed them enough addresses so that they could run 5 VMs! Then why was the port going into the err-disable state?
Well, I got the answer! First we thought it was a faulty NIC or a bad network cable, and we changed everything, but all in vain. The reason was DUPLICATE MAC addresses! Ouch! But how? Well, they had copied VMs with each other and, guess what, the MACs of the VMs were also copied!
If you have two PCs in your network with the same MAC address in the same VLAN or broadcast domain, what happens?
Well, you will see a log message of MAC flapping between port X and port Y if port security is DISABLED. But once you enable port security, the second port that connects with the same MAC as any other port's learned MAC goes into the err-disabled state.
OK, this happens, fine, but my question is WHY? Is there any feature set of port security that anyone can share?
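
An added example, not part of the original post: a Python check that correlates PSECURE_VIOLATION log lines with `show port-security address` output to flag a violating MAC that is already a secure address on another port, which is the duplicate-MAC case described above. The log lines and table rows are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample rows in the style of `show port-security address`.
SECURE_TABLE = """\
Vlan    Mac Address       Type                Ports   Remaining Age
----    -----------       ----                -----   -------------
  10    aaaa.bbbb.cccc    SecureDynamic       Fa0/1        -
  10    0011.2233.4455    SecureDynamic       Fa0/1        -
  10    0011.2233.6677    SecureDynamic       Fa0/3        -
"""

# Constructed sample syslog lines.
SYSLOG = """\
%PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address aaaa.bbbb.cccc on port FastEthernet0/2.
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0099.8877.6655 on port FastEthernet0/3.
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
ROW_RE = re.compile(rf"^\s*(\d+)\s+({MAC})\s+(Secure\w+)\s+(\S+)", re.I | re.M)
VIOL_RE = re.compile(rf"PSECURE_VIOLATION:.*?MAC address ({MAC}) on port (\S+?)\.?\s*$", re.I | re.M)

def short_port(name):
    """Normalise 'FastEthernet0/2' and 'Fa0/2' to the same key ('fa0/2')."""
    m = re.match(r"([A-Za-z]+)([\d/]+)", name)
    return (m.group(1)[:2] + m.group(2)).lower() if m else name.lower()

def parse_secure_table(text):
    """Return {mac: [(vlan, port), ...]} for every secure address row."""
    owners = {}
    for vlan, mac, _type, port in ROW_RE.findall(text):
        owners.setdefault(mac.lower(), []).append((int(vlan), short_port(port)))
    return owners

def explain_violations(syslog, table):
    """Classify each violation as a duplicate MAC or some other cause."""
    owners = parse_secure_table(table)
    findings = []
    for mac, port in VIOL_RE.findall(syslog):
        mac, port = mac.lower(), short_port(port)
        # The log line carries no VLAN, so report the owning port's VLAN to confirm.
        elsewhere = [(v, p) for v, p in owners.get(mac, []) if p != port]
        cause = "duplicate-mac" if elsewhere else "other"
        findings.append({"mac": mac, "port": port, "cause": cause, "secured_on": elsewhere})
    return findings

if __name__ == "__main__":
    for finding in explain_violations(SYSLOG, SECURE_TABLE):
        print(finding)
```

A `duplicate-mac` finding points at the VM inventory (cloned guests that kept their MAC) rather than at cabling or the NIC.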