1 virtual mac address on 2 ports, auto-disable?

james-rogers · ‎11-30-2007

A server technician recently added a multi-homed SQL server to our switch and because of either a hardware or software error, we had a virtual mac address appear simultaneously on two different ports on our 4510. I understand that this seriously impacts CPU utilization, causes network slowdowns and other issues, and that a "flapping" error message is generated in the log. We were able to quickly track down the problem and fix it, but my question is: Why doesn't the switch automatically disable a port if/when it learns a mac-address that is already in its table? Shouldn't this be its default behavior?

nambi_gct · ‎11-30-2007

MAC addresses must be unique with in a vlan only.switch always looks at pair.

If you need more security against these kind of issues you need to consider implementing port security feature.

james-rogers · ‎12-03-2007

Thanks, ok, In this case, however, the ports in question were all in the same vlan. So are you saying that the switch should have 'blocked' the duplicate mac address when it appeared in the same vlan?

As I recall, the port security feature learns the first mac address it sees on a port and then 'binds' only that mac to that port preventing any other macs from connecting to that port. Does that also prevent the same mac from appearing on any other ports? Guess, I should go read up on that feature and how it relates to IP Phones, laptop and desktop mobility, etc..