New Member

port security problem

Hi

We have Host A connected to switch SA and Host B connected to switch SB. Switches SA and SB are connected to a Catalyst 6509 via trunk with RSTP configured. There is no direct link between SA and SB. During initial IP address acquisition (from DHCP, which is in a different VLAN), the port on SA is being blocked by MAC address 0009.bbbc.cccc (the 6509 MSFC's MAC). And we had a situation when the port on SA was blocked by a MAC learned on SB (it belongs to Host B).

This problem never occurs during normal work or startup without a DHCP request.

Is there any way out?

Please help.

7 REPLIES
New Member

Re: port security problem

What error or log message did you get?

How did you note that the port on SA is being blocked by MAC address 0009.bbbc.cccc (6509 MSFC's MAC)?

New Member

Re: port security problem

SA log:

.Aug 30 07:39:16.554: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/6, putting Fa0/6 in err-disable state

.Aug 30 07:39:16.562: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0009.bxxx.xxxx on port FastEthernet0/6.

6500:

msfc6500#sh arp | i 0009.bxxx.xxxx

Internet 10.17.110.77 - 0009.bxxx.xxxx ARPA Vlan14

Internet 10.17.120.77 - 0009.bxxx.xxxx ARPA Vlan15

... and so on for each Vlan...

New Member

Re: port security problem

The problem was that we forgot to exclude one of the HSRP standby IP addresses from the DHCP distribution range. That's why we see the MSFC MAC on the SA port: Host A was given the MSFC's IP. The reason why we see an alien (non-MSFC) MAC on the port is the same: Host B had a static IP and DHCP didn't know that. Now we know why this happened, but we have another question for the CISCO EXPERTS:

IS THIS A BUG OR A FEATURE? Is this the way Cisco prevents IP address duplication?

TIA.
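The manual correlation done in this thread, as an added example (not code from any poster): it matches the MAC from a PSECURE_VIOLATION log line against `sh arp` output and lists addresses that MAC already owns but the DHCP scope can still lease. The sample MACs, IPs and the scope tuples are constructed; the scope format is hypothetical and not an export from any DHCP server.

```python
import ipaddress
import re

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
VIOLATION_RE = re.compile(
    rf"%PORT_SECURITY-2-PSECURE_VIOLATION:.*MAC address ({MAC}) on port (\S+?)\.?\s*$",
    re.I | re.M)
ARP_RE = re.compile(rf"^Internet\s+(\S+)\s+(-|\d+)\s+({MAC})\s+ARPA\s+(\S+)", re.I | re.M)

# Constructed sample input in the format of the log and "sh arp" output in this thread.
SAMPLE_LOG = """\
.Aug 30 07:39:16.554: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/6, putting Fa0/6 in err-disable state
.Aug 30 07:39:16.562: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0009.b000.0001 on port FastEthernet0/6.
"""
SAMPLE_ARP = """\
Internet  192.0.2.77      -   0009.b000.0001  ARPA   Vlan14
Internet  192.0.2.20      12  0011.2233.4455  ARPA   Vlan14
Internet  198.51.100.77   -   0009.b000.0001  ARPA   Vlan15
"""
# Hypothetical DHCP scopes: (first lease, last lease, excluded addresses).
SAMPLE_SCOPES = [
    ("192.0.2.10", "192.0.2.200", {"192.0.2.20"}),
    ("198.51.100.10", "198.51.100.50", set()),
]

def leasable(ip, scopes):
    """True if some scope could still hand out this address."""
    addr = ipaddress.ip_address(ip)
    return any(
        ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last)
        and ip not in excluded
        for first, last, excluded in scopes)

def explain_violations(log_text, arp_text, scopes):
    """For each violating MAC, list addresses it already owns that DHCP can lease."""
    arp = [m.groups() for m in ARP_RE.finditer(arp_text)]
    report = []
    for mac, port in VIOLATION_RE.findall(log_text):
        # An age of "-" in "sh arp" marks one of the router's own interface addresses.
        owned = [(ip, intf, age == "-") for ip, age, amac, intf in arp
                 if amac.lower() == mac.lower()]
        conflicts = [entry for entry in owned if leasable(entry[0], scopes)]
        report.append({"port": port, "mac": mac, "conflicts": conflicts})
    return report

if __name__ == "__main__":
    for row in explain_violations(SAMPLE_LOG, SAMPLE_ARP, SAMPLE_SCOPES):
        print(row)
```

A non-empty `conflicts` list means the scope is missing an exclusion for that address.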

Bronze

Re: port security problem

Hi,

Before leasing any IP address to clients, the DHCP server pings twice to check whether the IP is already in use, and only then leases that particular IP.

This way DHCP prevents IP address duplication.

HTH

Thanks

Raj

New Member

Re: port security problem

To rajinikanth:

We have MS DHCP.

The RFC does not mention an ICMP check, and neither does Microsoft. Could you give me a bit more information (maybe a link) so I could find out more about it?

TIA

New Member

Re: port security problem

Thanks a lot
