%SISF-4-ENTRY_BLOCKED- IP Device-Tracking causing issues ?

Hello everybody, 

we are currently testing software version 17.06.3 and see log messages on the switch from "Switch Integrated Security Features (SISF)". I guess those messages are related to device-tracking or DHCP snooping. 

%SISF-4-ENTRY_BLOCKED: Entry blocked Entry creation blocked, not possible to free space

We are currently using SW version 16.12.3a -> on this SW version we don't see those log messages. 

Does anybody maybe have a clue how to solve this issue?

 

Best regards,

steffen

 

 


marce1000
VIP

 

  - Ref : https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/16_xe/smg/xe-16-10/b-sem-16-10-1/b-sem-16-10-1_chapter_0110.html

 >...

 
%SISF-4-ENTRY_BLOCKED : Entry blocked [chars]
Explanation: An attempt to install an entry in the IPv6 binding table was blocked. This can be due to a conflicting entry or maximum number of entries reached.
Recommended Action: If the maximum table size is reached, consider increasing it. If a conflicting entry already exists, this may be an attempt to steal address ownership. You should investigate which host is connected on the interface and whether it should be disconnected.




-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
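As an added example (not from the thread and not Cisco code): a Python pass over collected syslog that separates, per switch, the two causes named in the explanation quoted above. The syslog-server line layout, the hostnames and the second detail string are constructed assumptions; only the "not possible to free space" text comes from the thread.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: "<relay timestamp> <device name> <device message>".
# Hostnames and the placeholder detail on line 3 are made up for illustration.
SAMPLE_LOG = """\
2022-06-01T08:00:01 sw-access-01 %SISF-4-ENTRY_BLOCKED: Entry blocked Entry creation blocked, not possible to free space
2022-06-01T08:00:07 sw-access-01 %SISF-4-ENTRY_BLOCKED : Entry blocked Entry creation blocked, not possible to free space
2022-06-01T08:01:30 sw-access-02 %SISF-4-ENTRY_BLOCKED: Entry blocked <constructed detail that is not a table-full text>
2022-06-01T08:02:00 sw-access-02 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up
"""

# Accepts both "...BLOCKED:" and "...BLOCKED :" as they appear on this page.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+.*?"
    r"%SISF-4-ENTRY_BLOCKED\s*:\s*Entry blocked\s*(?P<detail>.*)$"
)
TABLE_FULL_MARKER = "not possible to free space"  # detail text seen in the thread


def classify(detail):
    """Map the [chars] detail onto the two causes the quoted explanation names."""
    if TABLE_FULL_MARKER in detail.lower():
        return "table_full"    # follow-up: binding table size and limits
    # Assumption: any other detail is treated as a possible conflicting entry,
    # the only other cause named, so someone looks at the host on that port.
    return "needs_review"


def triage(log_text):
    """Return {host: {cause: count}} for ENTRY_BLOCKED lines only."""
    per_host = defaultdict(Counter)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            per_host[match.group("host")][classify(match.group("detail"))] += 1
    return {host: dict(counts) for host, counts in per_host.items()}


def hosts_needing_review(log_text):
    """Switches with at least one blocked entry that is not a table-full event."""
    return sorted(h for h, c in triage(log_text).items() if c.get("needs_review"))


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
    print(hosts_needing_review(SAMPLE_LOG))
```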

Yes, we know this article.

But we don’t use IPv6 and also disabled protocol dhcpv6 learning in device-tracking policy already. 

Would be great to know the command to check the size and utilization of the binding table.

best regards

 

      - What switch model is this ?

 M.




C9200-48P

We migrated two switches in the production environment to 17.06.03 and both switches are logging the same. 

The device-tracking policy for "host" ports is as follows:

device-tracking policy DEV-TRACKING
no protocol ndp
no protocol dhcp6
no protocol udp

 

For inter-switch links:

device-tracking policy DEV-TRACKING_UPLINK
trusted-port
device-role switch
no protocol ndp
no protocol dhcp6
no protocol udp

 

TomBaz83
Level 1

Did you find a solution? We upgraded some switches to 17.6.4 and have the same issue ...

Found your topic too late, so I opened a new topic ... sorry for that

%SISF-4-ENTRY_BLOCKED : Entry blocked --> Log Warning 17.6.4 - Cisco Community

Hi TomBaz83,

we figured out that those messages were caused only on ports to access points (we only use Meraki APs). We deactivated device-tracking on those ports and the message was gone (trusted-port, device-role switch). We had the feeling that this message was more a "cosmetic" issue than causing real heavy problems. We already migrated one of our locations completely to 17.06.3 (Cisco 9500, 9300 and 9200 platforms) and it has been running stable for 2 weeks now. Seems to be a good release in my opinion.

device-tracking policy DEV-TRACKING_UPLINK
trusted-port
device-role switch
no protocol ndp
no protocol dhcp6
no protocol udp

interface GigabitEthernet2/0/3

device-tracking attach-policy DEV-TRACKING_UPLINK

Best regards,

steffen

 

Seems that fixes the issue ... and I'm with you, I also think it is "only" a "cosmetic" issue
