×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

How single mac address access multiple ports

Unanswered Question
Nov 8th, 2010
User Badges:

I have two virtual hosts A, B and a virtual machine that is moving between the hosts, the problem that A  is connected to port and B also connected to another port, so when the virtual machine run in A its mac address will stick to A, and run ok, but when move it to the B it is denied.


So, the question Is it possible in port security that one mac address can access two or multiple ports either statically or dynamically at the same switch?


If no provide me other solution to secure the LAN like for example 802.1x....


by the way I am using Brocade Fastlron SuperX switch.


Regards,

Fahad

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Christopher Russell Mon, 11/08/2010 - 08:09
User Badges:

Hey,


The behaviour you are describing is really a basic function of port-security, a known MAC being heard on a second port is considered a violation (the presumtion is MAC spoofing), so if you are using vmotion or something similar to move VMs between physical devices and as such expect this kind of mac moving under normal operation (and without a link flap) then port-security is really not the feature you are looking for.


The best you could do is set the aging timer to inactivity, and set it very low.  However there would still be an outage after the VM Vmotions to the second host, as well as adding more control plane load on the CPU with regular polling, so is not really ideal.


Chris

Actions

This Discussion