08-31-2022 09:02 AM
Hello everybody,
we are currently testing software version 17.06.3 and see log messages on the switch from "Switch Integrated Security Features (SISF)". I guess those messages are related to device-tracking or DHCP snooping.
%SISF-4-ENTRY_BLOCKED: Entry blocked Entry creation blocked, not possible to free space
We are currently using SW version 16.12.3a -> on this SW version we don't see those log messages.
Does anybody have a clue how to solve this issue?
Best regards,
steffen
08-31-2022 10:07 AM - edited 08-31-2022 10:08 AM
>...
%SISF-4-ENTRY_BLOCKED : Entry blocked [chars] | |
---|---|
Explanation | An attempt to install an entry in the IPv6 binding table was blocked. This can be due to a conflicting entry or maximum number of entries reached |
Recommended Action | If the maximum table size is reached, consider increasing it. If a conflicting entry already exists, this may be an attempt to steal address ownership. You should investigate which host is connected on the interface and whether it should be disconnected |
08-31-2022 10:59 AM
Yes, we know this article.
But we don't use IPv6 and have also already disabled protocol dhcpv6 learning in the device-tracking policy.
It would be great to know the command to check the size and utilization of the binding table.
Best regards
09-01-2022 04:59 AM
- What switch model is this?
M.
09-01-2022 05:15 AM
C9200-48P
We migrated two switches in the production environment to 17.06.03 and both switches are logging the same.
The device-tracking policy is as follows for "host" ports:
device-tracking policy DEV-TRACKING
 no protocol ndp
 no protocol dhcp6
 no protocol udp
For inter-switch links:
device-tracking policy DEV-TRACKING_UPLINK
 trusted-port
 device-role switch
 no protocol ndp
 no protocol dhcp6
 no protocol udp
10-03-2022 10:55 PM
Did you find a solution? We upgraded some switches to 17.6.4 and have the same issue ...
Found your topic too late, so I opened a new topic ... sry for that
%SISF-4-ENTRY_BLOCKED : Entry blocked --> Log Warning 17.6.4 - Cisco Community
10-04-2022 04:54 AM
Hi TomBaz83,
we figured out that those messages were caused only on ports to access points (we only use Meraki APs). We deactivated device-tracking on those ports and the message was gone (trusted-port, device-role switch). We had the feeling that this message was more a "cosmetic" issue than one causing real heavy problems. We already migrated one of our locations completely to 17.06.3 (Cisco 9500, 9300 and 9200 platforms) and it has been working stably for 2 weeks now. Seems to be a good release in my opinion.
device-tracking policy DEV-TRACKING_UPLINK
 trusted-port
 device-role switch
 no protocol ndp
 no protocol dhcp6
 no protocol udp
interface GigabitEthernet2/0/3
 device-tracking attach-policy DEV-TRACKING_UPLINK
Best regards,
steffen
10-04-2022 11:33 PM
Seems that fixes the issue ... and I'm with you, I also think it is "only" a "cosmetic" issue