09-25-2013 12:25 AM - edited 03-07-2019 03:39 PM
dear Expert:
I have a spare Cisco 2960 switch in my LAN, all of the ports are administrativly down except of port 0/23, which is directly connected to another switchpot.
my question is: I activated port security on this interface and all of the time I find 14 stick Mac-address on this interface, what is the reason?
much appreciate your explanation.
regards,
Solved! Go to Solution.
09-25-2013 01:39 AM
Here is a good link to understand why you are seeing multiple MAC address on an uplink port to another switch.
http://www.ciscopress.com/articles/article.asp?p=101367
In a nutshell, each switch will learn where various MAC address are on an ethernet network. As this port is an uplink (presumably a trunk) to another switch and hosts are broadcasting on other switches, this switch will see the traffic and place the sending stations MAC addresses in it's CAM (memory) table. i.e. mac address and port from which it last saw the traffic.
Do please read over Layer2 basics above.
==========================
http://www.rConfig.com
A free, open source network device configuration management tool, customizable to your needs!
- Always vote on an answer if you found it helpful
09-25-2013 01:44 AM
Of course, forgot to mention this also. Port security on trunks is a no-no
==========================
http://www.rConfig.com
A free, open source network device configuration management tool, customizable to your needs!
- Always vote on an answer if you found it helpful
09-25-2013 03:32 AM
On an access port, you will get a single mac-addresses. As long as the same is not connecting VM, a blade, a chassis etc.
09-25-2013 01:02 AM
Hi,
Most probably there are other machines connected through that switchport as well. What does this port connects to, another switch? If so, you will see many mac addresses, probably due to broadcast propagation.
Are you checking it on the switch with disabled ports or you mean that you see these addresses on the other side?
Best regards,
Jan
09-25-2013 01:39 AM
Here is a good link to understand why you are seeing multiple MAC address on an uplink port to another switch.
http://www.ciscopress.com/articles/article.asp?p=101367
In a nutshell, each switch will learn where various MAC address are on an ethernet network. As this port is an uplink (presumably a trunk) to another switch and hosts are broadcasting on other switches, this switch will see the traffic and place the sending stations MAC addresses in it's CAM (memory) table. i.e. mac address and port from which it last saw the traffic.
Do please read over Layer2 basics above.
==========================
http://www.rConfig.com
A free, open source network device configuration management tool, customizable to your needs!
- Always vote on an answer if you found it helpful
09-25-2013 01:42 AM
Personally I wouldn't be enabling port security on connections to other switches.
As its connected to another switch, its learning the MAC addresses of the hosts connected to that switch because a switch needs to know where to forward frames based on the CAM table.
09-25-2013 01:44 AM
Of course, forgot to mention this also. Port security on trunks is a no-no
==========================
http://www.rConfig.com
A free, open source network device configuration management tool, customizable to your needs!
- Always vote on an answer if you found it helpful
09-25-2013 03:00 AM
OK, 1 more question,
what happen if I apply below commands on the same interface?
- switchport block multicast
- switchport block unicast
09-25-2013 03:31 AM
Here is your reply :
Switch(config-if)# switchport block multicast
Blocks unknown multicast forwarding to the port.
Switch(config-if)# switchport block unicast
Blocks unknown unicast forwarding to the port.
09-25-2013 02:51 AM
if you are on a trunk, you will fine multiple mac-addresses on the same.
09-25-2013 03:03 AM
OK, but what a bout access port?
09-25-2013 03:32 AM
On an access port, you will get a single mac-addresses. As long as the same is not connecting VM, a blade, a chassis etc.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide