Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

253
Views
0
Helpful
0
Replies
Highlighted
wanderer_id
wanderer_id Beginner
Beginner
‎10-31-2019 08:58 PM
‎10-31-2019 08:58 PM

Security features and MAC address table on access switch

Topology: PC <===>Access Switch (C2960)<===> Core Switch C4510 <===> DHCP Server (MS)

Security function on access switch: ip dhcp snooping, no ip dhcp snooping information option, ip arp inspection validate src-mac dst-mac ip allow zeros, ip arp inspection log-buffer entries 1024 , ip arp inspection log-buffer logs 1024 interval 10.

Config port:

switchport access vlan 100
switchport mode access
switchport block multicast
switchport block unicast
switchport voice vlan 101
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky <MAC> vlan access
ip arp inspection limit rate 100
storm-control broadcast level pps 5k
storm-control multicast level pps 5k
storm-control unicast level pps 20k
storm-control action trap
spanning-tree portfast
spanning-tree bpduguard enable
ip verify source port-security
ip dhcp snooping limit rate 15

Problem: On the port, the port-security function remembered one PC address. Available for remembering another. A second PC is connected to the access level switch. The port-security function does not see it, it does not appear in the table of mac addresses. There are no errors in the switch logs, the status port  is up, the line is up. However, on the DHCP server, it can be seen that the server issues the IP. In this case, the MAC address is needed and the IPs appear on the core switch, but do not appear in the MAC addresses tables on the switch to which the new PC is connected. The PCs were rebooted, waiting for the timeout of the ARP and CAM tables. It only helps to completely disable all the security features on the port. Why does the desired MAC stored on the core switch, but does not appear on the access switch? A problem appears on many access switches when connecting new equipment instead of old or in addition to old. Thank you for your help.

 

Everyone's tags (5)
0 Helpful
Reply
Latest Contents
Recent changes in SRIOV VF mapping in NFVIS GUI
Created by gosekar on 12-05-2019 06:59 PM
0
0
0
0
Starting from NFVIS 3.12 versions, the deploy option does not depict all the SR-IOV VFs(Virtual Functions) available in a physical interface. This change is introduced as (i) the number of VFs of ENCS platform on LANs side is increased to 24 and (ii) the... view more
Community Live- Getting to know Cisco SD-WAN
Created by ciscomoderator on 12-05-2019 12:41 PM
0
0
0
0
Community Live- Getting to know Cisco SD-WAN (Live event - formerly known as Webcast-  Wednesday December 11, 2019 at 10 am Pacific/ 1 pm Eastern / 7 pm Paris) This event will have place on Wednesday 11th, December 2019 at 10hrs PDT  Register to... view more
Fixed IP for each location
Created by MuhammadAfnan32526 on 12-05-2019 11:22 AM
1
0
1
0
Hi alli have 40 spots (40 Ethernet cables for computers coming out from switch) and i want each of these spots to have fix IP which means if i swap the computer the IP of certain spot remain the same.example : at spot 30 i have IP address of 192.168.22.40... view more
Cisco DNA Center appliance connected to Cisco Nexus 5K/7K/9K...
Created by Karthik Kumar Thatikonda on 12-04-2019 01:01 PM
0
5
0
5
Symptoms Cisco DNA Center nodes lost network connectivity. Cannot SSH to nodes. Cluster and Enterprise port connected to Cisco Nexus Switches. Diagnosis Cisco DNA Center kernel logs showing hung queue error messages. "sudo cat /var/log/kern.log" Work... view more
Cisco Digital Network Architecture Center Modules (Design M...
Created by Mohamed Alhenawy on 11-28-2019 09:51 AM
0
0
0
0
Cisco Digital Network Architecture Center Modules(Design Module)Wireless Part.In this article, we are going to talk about Cisco Digital Network Architecture Center design Module, Wireless Part.Cisco DNA Center gives us the flexibility and scalability to c... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad