
2 NIC teaming and port security issue

shibindong
Level 1

We have a server with 2 NICs connected to different switches (CAT6); the server uses HP built-in software to run network teaming. We also configured port security on the switch port and only allow 1 MAC address.

I also checked the server teaming configuration: the 2 NICs' original MAC addresses are AAAAAAAAAAAA and BBBBBBBBBB; after binding to the team, the virtual MAC address is BBBBBBBBBBBBB.

It was working properly at first, until I unplugged one connection, which happened to be the active connection. The server got disconnected from the network, and the switch returned this error message:

"%PORT_SECURITY-SP-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address AAAAAAAAAAAA on port GigabitEthernet3/20."

When I checked the MAC address table using the command "show mac-address-table interface gX/XX" (gX/XX is the port connected to the NIC with MAC AAAAAAAAAAAA), I got 2 records, one static and the other dynamic:

* 90 AAAAAAAAAAAA static Yes - Gi3/20

* 90 BBBBBBBBBBBB dynamic Yes 45 Gi3/20

I did not configure any "static" MAC on the switch, so how come there is a static MAC address in the record? If I can remove that static record, we can solve the issue. I have checked the Cisco web site and forum topics; some posts also raised the same issue but there is no solution yet.

I am also posting my port configuration for your information:

interface GigabitEthernet3/20
 switchport
 switchport access vlan 900
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 no ip address
 spanning-tree portfast
end

5 Replies

I think your config is not right for this situation.

Default port-security allows only 1 MAC and, as you see, after an error on one NIC the MAC changes.

Or your problem is "restrict", because you need to remove a sufficient number of secure MAC addresses to drop below the maximum value.

So I recommend you add this:

"switchport port-security maximum 2"

For more information see:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/port_sec.html

Sebastian

PS: I prefer to disable CDP on server ports.

Thanks for your reply, but I think you are still not clear about my problem:

Of course I can solve the problem by setting the maximum number of MAC addresses to 2, but I don't think it is a good way. I saw there are 2 MAC address entries in the switch: 1 is static and 1 is dynamic. If I can remove the static MAC entry, the problem can be solved.

But I don't know why there is a static entry or how to remove it.

I hope this guide will help. It covers some excellent points and recommendations on how to configure switch ports in virtual environments and with NIC teaming.

http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/vmware/vmware.html

Ryan Carretta
Cisco Employee

Hello,

Port-security installs its entries into the CAM table as static entries. The AAAAAAAAAAAA entry you see as static is likely the secure address.

Try using the 'show port-security' commands to check out the secure address(es) on the interface.

-Ryan
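
To make the point in the reply above concrete, here is an added example (not part of the thread and not Cisco tooling) that correlates a PSECURE_VIOLATION message with the MAC table rows for the same port and shows which entries are static, which are dynamic, and whether the port sees more MACs than its limit. All function and variable names are hypothetical, the sample input is constructed from the lines quoted in the thread, and static rows are assumed to be the port-security secure addresses, as the reply suggests.

```python
import re

# Constructed sample input, modelled on the log line and table rows quoted in the thread.
SYSLOG = ('%PORT_SECURITY-SP-2-PSECURE_VIOLATION: Security violation occurred, '
          'caused by MAC address AAAAAAAAAAAA on port GigabitEthernet3/20.')
MAC_TABLE = """\
* 90 AAAAAAAAAAAA static Yes - Gi3/20
* 90 BBBBBBBBBBBB dynamic Yes 45 Gi3/20
"""

VIOLATION = re.compile(r"PSECURE_VIOLATION:.*?MAC address ([0-9A-Fa-f.:-]+) on port ([A-Za-z]+[\d/]+)")
ROW = re.compile(r"^\*?\s*(\d+)\s+([0-9A-Fa-f.:-]+)\s+(static|dynamic)\s+\S+\s+\S+\s+(\S+)\s*$", re.M)

def norm_mac(mac):
    """Reduce any MAC notation (dotted, colon, bare) to lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def norm_port(port):
    """Map long and short interface names to one form: GigabitEthernet3/20 -> Gi3/20."""
    name, number = re.match(r"([A-Za-z]+)([\d/]+)", port).groups()
    return name[:2].capitalize() + number

def parse_mac_table(text):
    """Return (port, mac, type) tuples from 'show mac-address-table' style rows."""
    return [(norm_port(p), norm_mac(m), t) for _v, m, t, p in ROW.findall(text)]

def triage(syslog, mac_table, maximum=1):
    """For each violation, list the static and dynamic MACs on that port.

    Assumption (from the reply above): static rows on a port-security port are
    its secure addresses. 'maximum' is the configured secure-address limit.
    """
    rows = parse_mac_table(mac_table)
    report = []
    for mac, port in VIOLATION.findall(syslog):
        port = norm_port(port)
        on_port = [(m, t) for p, m, t in rows if p == port]
        report.append({
            "port": port,
            "offender": norm_mac(mac),
            "secure": [m for m, t in on_port if t == "static"],
            "dynamic": [m for m, t in on_port if t == "dynamic"],
            # More distinct MACs on the port than the limit allows.
            "exceeds_maximum": len({m for m, _ in on_port}) > maximum,
        })
    return report

if __name__ == "__main__":
    for entry in triage(SYSLOG, MAC_TABLE):
        print(entry)
```
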

Thanks for your reply, that's what I wanted. So does that mean there is no way to implement port security maximum 1 and NIC teaming together?