07-16-2009 07:30 AM - edited 03-06-2019 06:48 AM
Hello,
We have come across something really bizarre. When we enabled port security on a port, it slows down MAC learning on that port to up to 3 seconds!
Switch is a C3750, v12.2(35)SE2
Port security disabled, macs cleared:
--> HTTP SYN in (flooded because mac unknown)
<-- HTTP SYN-ACK out : 10 msec delay
Port security enabled, macs cleared (!):
--> HTTP SYN in (flooded, because mac unknown)
<-- HTTP SYN-ACK out: 3 seconds delay !
It is especially visible on 'silent' devices where the MAC address times out after the port security timeout (in our config 2 mins):
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security maximum 1 vlan voice
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
I have searched the bug toolkit but found nothing.
07-18-2009 03:28 AM
Maybe MAC learning can be slower with port-security turned on (i.e. for programming the ASIC or whatever); however, the packet itself should not be delayed. This issue is giving us problems with SAP transactions timing out and being very slow. Will open a TAC case for it. (I could increase the timeout value, but that is giving us other problems, like when you move a PC, you have to wait
08-12-2009 07:35 AM
It appears that the switch is not "slow" in learning, it just drops the first packet when port security is enabled (nice, Cisco) and the 3 seconds is a retransmit timer on the end device (if you're using TCP; if you are using UDP, video, voice, mmm, bad luck, packet gone!). See CSCeg63177
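An added illustration of the distinction drawn in the last reply (not code from the thread): in a client-side capture, a dropped first packet shows up as the same SYN sent twice with the SYN-ACK following the resend promptly, while genuinely slow forwarding shows a single SYN and a late SYN-ACK. The capture lines, addresses and the `classify_handshakes` helper are constructed for this example.

```python
# Added example: capture lines below are constructed, not taken from the thread.
import re
from collections import defaultdict

# Constructed client-side capture: time(s) src > dst flags seq
SAMPLE = """\
0.000 10.0.0.5:40001 > 10.0.0.9:80 S 1000
3.001 10.0.0.5:40001 > 10.0.0.9:80 S 1000
3.011 10.0.0.9:80 > 10.0.0.5:40001 SA 7000
10.000 10.0.0.6:40002 > 10.0.0.9:80 S 2000
10.010 10.0.0.9:80 > 10.0.0.6:40002 SA 8000
20.000 10.0.0.7:40003 > 10.0.0.9:80 S 3000
22.900 10.0.0.9:80 > 10.0.0.7:40003 SA 9000
"""

LINE = re.compile(r"^(\d+\.\d+) (\S+) > (\S+) (SA|S) (\d+)$")

def classify_handshakes(text, slow=1.0):
    """Return {client: (verdict, secs since first SYN, secs since last SYN)}."""
    syns = defaultdict(list)   # (client, server, seq) -> SYN timestamps
    synacks = {}               # (client, server) -> first SYN-ACK timestamp
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue           # ignore anything that is not a SYN or SYN-ACK line
        t, src, dst, flags, seq = m.groups()
        if flags == "S":
            syns[(src, dst, int(seq))].append(float(t))
        else:
            synacks.setdefault((dst, src), float(t))
    results = {}
    for (client, server, _seq), times in syns.items():
        reply = synacks.get((client, server))
        if reply is None:
            results[client] = ("no-reply", None, None)
            continue
        if len(times) > 1 and reply >= times[-1]:
            verdict = "retransmit"   # earlier SYN lost; reply follows the resend
        elif reply - times[0] > slow:
            verdict = "slow-reply"   # one SYN only, the answer itself was late
        else:
            verdict = "normal"
        results[client] = (verdict, round(reply - times[0], 3),
                           round(reply - times[-1], 3))
    return results

if __name__ == "__main__":
    for client, outcome in classify_handshakes(SAMPLE).items():
        print(client, outcome)
```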