Cisco Community
English
Register
New community login process starting July 13 - LEARN MORE HERE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
413
Views
0
Helpful
0
Replies
wanderer_id
Beginner
Beginner
‎10-31-2019 08:58 PM
‎10-31-2019 08:58 PM

Security features and MAC address table on access switch

Topology: PC <===>Access Switch (C2960)<===> Core Switch C4510 <===> DHCP Server (MS)

Security function on access switch: ip dhcp snooping, no ip dhcp snooping information option, ip arp inspection validate src-mac dst-mac ip allow zeros, ip arp inspection log-buffer entries 1024 , ip arp inspection log-buffer logs 1024 interval 10.

Config port:

switchport access vlan 100
switchport mode access
switchport block multicast
switchport block unicast
switchport voice vlan 101
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky <MAC> vlan access
ip arp inspection limit rate 100
storm-control broadcast level pps 5k
storm-control multicast level pps 5k
storm-control unicast level pps 20k
storm-control action trap
spanning-tree portfast
spanning-tree bpduguard enable
ip verify source port-security
ip dhcp snooping limit rate 15

Problem: On the port, the port-security function remembered one PC address. Available for remembering another. A second PC is connected to the access level switch. The port-security function does not see it, it does not appear in the table of mac addresses. There are no errors in the switch logs, the status port  is up, the line is up. However, on the DHCP server, it can be seen that the server issues the IP. In this case, the MAC address is needed and the IPs appear on the core switch, but do not appear in the MAC addresses tables on the switch to which the new PC is connected. The PCs were rebooted, waiting for the timeout of the ARP and CAM tables. It only helps to completely disable all the security features on the port. Why does the desired MAC stored on the core switch, but does not appear on the access switch? A problem appears on many access switches when connecting new equipment instead of old or in addition to old. Thank you for your help.

 

Labels:
0 Helpful
0 REPLIES 0
Latest Contents
Detecting of MAC/Probe Spoofing with AI Spoofing Detection
Created by kthiruve on 07-22-2021 08:41 AM
0
0
0
0
Overview:Pre-Requisites:AI Cloud registration:Enabling NetFlow on Cisco DNA Center and switchesAI Spoofing detection and UI interaction:Rapid Threat Containment <script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.... view more
Asignacion de direccionamiento IPV6 a Host
Created by IvanEduardoHerreraSalas0045 on 07-21-2021 11:47 PM
0
0
0
0
Como parte de mi preparacion para el ENARSI he estado haciendo una serie de videos para que se me quede mas grabado todo, en el siguiente link encontraran una liga con los mecanismos de asignacion de direccion IPV6 a Hosts   https://youtube... view more
Add and Discover network devices on DNA Center
Created by Pulkit Nagpal on 07-21-2021 10:33 PM
0
0
0
0
So you have the DNA Center racked and stacked in your data centre, and you are thinking what next?   To get instant value from your DNA Center, you should next discover and add your network devices to it. In this video, we will take you through the ... view more
Community Live FAQ- Application Hosting on ISR, ASR, CSR and...
Created by Cisco Moderador on 07-21-2021 10:46 AM
0
5
0
5
Overview:Pre-Requisites:AI Cloud registration:Enabling NetFlow on Cisco DNA Center and switchesAI Spoofing detection and UI interaction:Rapid Threat Containment This event had place on Tuesday 20, July 2021 at 10hrs PDT Introduction Edge Compute is evol... view more
Community Live Video- Application Hosting on ISR, ASR, CSR a...
Created by Cisco Moderador on 07-21-2021 10:40 AM
0
0
0
0
(view in My Videos) Community Live-Application Hosting on ISR, ASR, CSR and Catalyst Routing Platforms This event had place on Tuesday 20th, July 2021 at 10:00 hrs PDT Edge Compute is evolving as a key pillar as part of next-generation Enterprise WAN Edg... view more
Content for Community-Ad