Cisco Support Community

New Member

IOS/CatOS Port Security - Teamed NICs

We are trying to install port security within our data centers. The port-security config all looks straightforward enough, but we have come across one problem that I need help with.

Most servers these days connect to a logical core (2 Catalyst 6500s, for example) in failover (NFT) mode. I attempted to configure port-security by allowing both MACs down the respective ports, in the hope that if the primary NIC failed, the fact that both MACs are configured on both ports would allow failover to work.

However, it did not. I even tried using the sticky options, but unless a manual clear of the MAC table is done, failover doesn't occur.

I need a dynamic configuration that will allow for port-security but yet maintain teamed NIC failover capability.

We thought that changing the MAC table flush period would assist, but this creates problems for multilayer switching for the entire network.

Does anyone have any experience or knowledge in how to configure port security (for IOS & CatOS) for servers using NIC teaming?

New Member

Re: IOS/CatOS Port Security - Teamed NICs

We are doing NIC teaming with HP servers in a fail-on-fault and active-active configuration. What kind of servers are you using? Also, in a NIC-teaming scenario, why is it necessary for you to have the MAC of both NICs on both switch ports? You have 2 physical paths to the network. Each switch port should have the MAC of the NIC it is physically attached to in its ARP. The MAC addresses aren't floating between the NICs, are they?

I'm not using port security, but IMHO shouldn't port security be set up based on the MACs of the NICs that are attached to the specific port?