Hi, we have switch port security configured in our network.we have problem which seems to be related to IP phones. the IP phones seems to change the middle part of the MAC and the switch port shutdown as it takes that as a violation.we had two incidents of this nature. only the Middle part of the MAC seem to change and then goes back to normal again.
A phone should not change its MAC address, that would be a strange thing to do. Can you post an example of the two MAC addresses with their different "middle parts"? Is it certain that the phones are responsible for this problems? Isn't it a routine MAC-spoofing attack?
Thanks for the reply. I also agree it is a strange thing but this happens for the second time and everytime wee trace the mac addresses, are mac addresses are Cisco MAC addresses and with a slight change/difference. see mac-addresses below
1. 001e.4a34.db0F - The correct MAC Address(IP Phone)
2. 001e.be91.db0F - The cause of the problem / spoofed MAC address
thanks for the reply. From what I understand I need to configure three MAC addresses in total. Then how do I then get this phone's internal mac-address? there is only one mac-address of the phone.
the other thing we implemented switchport security for almost 2years now and we had only two issues of this kind. all the other ports are configured with maximum of two and configured the mac-address of the phones and the PC.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...