Topology: PC <===>Access Switch (C2960)<===> Core Switch C4510 <===> DHCP Server (MS) Security function on access switch: ip dhcp snooping, no ip dhcp snooping information option, ip arp inspection validate src-mac dst-mac ip allow zeros, ip arp inspection log-buffer entries 1024 , ip arp inspection log-buffer logs 1024 interval 10. Config port: switchport access vlan 100 switchport mode access switchport block multicast switchport block unicast switchport voice vlan 101 switchport port-security switchport port-security violation restrict switchport port-security mac-address sticky switchport port-security mac-address sticky <MAC> vlan access ip arp inspection limit rate 100 storm-control broadcast level pps 5k storm-control multicast level pps 5k storm-control unicast level pps 20k storm-control action trap spanning-tree portfast spanning-tree bpduguard enable ip verify source port-security ip dhcp snooping limit rate 15 Problem: On the port, the port-security function remembered one PC address. Available for remembering another. A second PC is connected to the access level switch. The port-security function does not see it, it does not appear in the table of mac addresses. There are no errors in the switch logs, the status port is up, the line is up. However, on the DHCP server, it can be seen that the server issues the IP. In this case, the MAC address is needed and the IPs appear on the core switch, but do not appear in the MAC addresses tables on the switch to which the new PC is connected. The PCs were rebooted, waiting for the timeout of the ARP and CAM tables. It only helps to completely disable all the security features on the port. Why does the desired MAC stored on the core switch, but does not appear on the access switch? A problem appears on many access switches when connecting new equipment instead of old or in addition to old. Thank you for your help.
... View more
The problem on this switch has been resolved. However, just now, another one has happened. All functions specified in the first post were activated on the port. When changing the PC to a new one on the access switch, the MAC does not appear on the port, but appears on the kernel switch. As a result, the new connected PC did not have access to the network, after disabling the functions DAI, DHCP Snooping and IP Source Guard, the MAC address appeared and everything started to work.
... View more