Cisco Switching/Routing :: 4507 - MAC Address Registering On Different Port
May 22, 2013
I am having an issue where MAC addresses from my user PC's are registering on different ports than the ones they are plugged in to. I have my PC's plugged in to my Cisco phones (most of which are 7941's), and then patched back to my switch, (4507 or 4006). The issue is that a user will be working fine, they will have both their PC and Phone MAC's registered on the correct prot and then with out intervention the PC MAC addresses will register itself with another physical port and the user will pull a 169.x.x.x address and have not access to the network. This is happening to multiple users all of which are hardwired. Port security is configured to allow 3 MAC's, obviously if I change that to 2 it will not allow an incorrect MAC's to register with that port, but I would like to know why this is happening. Both the 4507 and 4006 have been up for 1 year and 33 weeks. The fix has been to find out where their MAC has registered it self, unplugg that PC from the phone, and let the port security aging time (2min) clear all MAC's from the port.
Issue I am having with a Cisco 4507? Below is the error i am receiving.
Feb 14 10:06:09 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 508 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112 Feb 14 18:44:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 119 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112 Feb 15 00:51:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 366 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
we have a scenario that consists of a Cisco 4507 series core switch with more than 20 vlans which is connected to a C2960G switch( in a nearby building) using a trunk by a fiber connection. Up to this point everyhting is fine . VTP domain is configured on the core switch and we have all of the 20 vlans present correctly on the edge 2960G wich is part of course of this same VTP domain.the fiber connection goes from core switch to a "in the middle location" where we have a fiber patch panel that is connected in a jumper style to another fiber patch panel going to the destination building where the C2960G sits.
Now imagine that Fiber connection from this middle location to the destination C2960 edge switch is down for any possible reason meanwhile the fiber connection from Core switch 4507 to the middle location is still intact.In the same time, in this middle location , we do have a wireless connection which links 1 Cisco 3750G switche ( a different infrastructure and different VTP domain) to another C3560G switch which sits on the same Room in the nearby destination building where we have the edge C2960G, An idea came to me is to connect one of the fiber port (core) in the intact fiber patch panel coming from Core switch 4507 TO an access vlan configured switchport in the 3750G switch ( this switchport will belong to a vlan designed only to trasmit the vlans on the trunk coming from 4507 core switch say VLAN 10) then connect one VLAN 10 access switchport to the destination C2960 edge switch ( the switchport on the c2960G is still a trunk)Will this solution work and all of the 20- 4507 core switch vlans arrive to the destination C2960G ? Or we do need something that tags the 2 VLAN 10 switchports like switchport dot1q tunnel like QinQ
We have a couple of 7911 that get stuck in Registering, each monday. During the week, no user reports the problem. But after the weekend, we get ready to hear complaints from our collegues. The same phones often experience this issue, although the other phones report no problems. The problem is temporarily solved when we issue "shut/no shut" on switch ports.
I have an issue on the Cat 3750 on the voice vlan; IP Phone not registering with PBX & Signaling Server. The ip phone hits dhcp and gets an ip address from a data scope. Data scope does have dhcp options for voice, same as voice scope so it should work but it doesnt.We removed the switchport access vlan 50 command, and left the switchport access voice vlan 51, and now the phone registers.Anything I can check on the switch to make sure voice vlan is working? Any debug voice vlan commands?The switch doesnt seem to distinguish voice and data traffic.I check dhcp and both scopes vlan 50 and vlan 51 have the same configuration. Defautl GW is different of course Catalyst 3750 is running 12.2(25)SEE2 [code]
There 's a Cisco IP phone that sits between a PC and the switch port. On the switch port, no MAC address is learned. However, the switch is able to detect the IP phone and deliver power to it: [code] Switch is Catalyst 3750 with IOS version 12.2(58)SE1.
I installed some Nexus 5k to replace there 3750 and added dynamic routing. Well after working out most of the issues with most of the stuff, there is one issue that still remains. From what i understand (I have not made it abck to the site yet) when there users connect to VPN with IPSEC (they only use the thick client) they register there local ip address to DNS and thier VPN assigned IP address. At this time I dont have access to the configurations.
I am configuring a Cat 2960 port for connecting a VOIP phone, authenticated by MAB. On connecting the phone, I get the port authenticated and assigned to the correct VLAN, with LLDP-MED advertising the correct voice vlan. However, I then see no traffic from the phone on the switch. I can see the MAC address of the phone is learned in the right VLANs, but the mac address is showing as "Drop", which normally means the address is statically configured to be blocked. There is no static mac address table blocking configured on the switch.
Switch Version Switch Ports Model SW Version SW Image ------ ----- ----- ---------- ---------- * 1 50 WS-C2960-48TC-L 15.0(1)SE3 C2960-LANBASEK9-M Port configuration interface FastEthernet0/1 description "Standard user port"
Problem is that at some C65K I have directly connected Unix servers and the don't show MAC address at port, and same has happened at 3560 switched where I have too Unix based equipments connected. When use show mac-address interface XXXX, nothis appears at port and tested them with other equipments that worked fine.
I have two Cisco 4506's running cat4500-ipbase-mz.122-50.SG3.bin. Periodically, when attaching a new workstation to these switches the Mac Address of the device disappears off the port when the device is connected or the port is configured. The only way to correct the issue is to do a hardware reset on the blade or reboot the switch. After resetting the blade or rebooting the switch the devices will start showing up on the port and connect. This does not effect devices that are already connected to the switch, just newly added devices
Both switches are populated with WS-X4148-RJ45, WS-X4148-RJ45V and WS-X4248-RJ45V blades. It doesn't matter which blade the new device is being connected to. I believe that this may be a "Bug" but have been unable to locate one.
We are facing issue with mac address learnt from different port-channels, Connectivity is like 6500 as core running VSS and 4500 access switches are connected to Core and WLC is also connected to Core.WLC to 6500 PO 60 , 4500 to 6500 PO 32.
Any "best practices" or recommendations on how to migrate from a fixed router (3745) to vlan routing on Catalyst 4507 switches in order to minimize the disruption to the network.
Our customer has a Cisco ME3600X with the IOS me 360x-universalK9-mz.122-52.EY3.They are saying that is not possible to configure the "switchport port-security mac-address sticky" in the interfaces and want to know whether any additional license is needed.As far as I know there isn't any extra license to activate this feature and also I believe the ME3600 switch should have this feature with the universal IOS, isn't that right?
I just bought a Catalyst 2960S to test out the feature "Port-Based Address Allocation" which is required for our factory. I followed the instruction from Cisco IOS and did all the steps but I could not get it to work, my network client did not received the expected IP address that I configured.
We have a single 4500 connecting to two non-cisco devices. We need to enable port channelling or link aggregation between these two.The links are carrying mulitple vlans , hence are trunked and the ip address on either side is used for routing.
From each of the two non-cisco device, i am taking 2 ports each to connect to the 4500.On each non-cisco device side, two ports will bundle together as one aggregated interface (ae1) and the other will be called ae2.
my query is how do i do the configuration for etherchannel on the cisco 4500 side , as it will need two different Po's( port channels).I need a single ip address on both sides of port channel to be present for routing.
I'm developing a project where I use the SNMP protocol to discover the network. By discovering the network I mean go through all the routers and switches and retrieve the IP routing table from routers and the forwarding table from switches. With the routers I have no problem. For the switches I need to know for each port the MAC addresses and the Vlans. Basically it's use SNMP to find a port number from a MAC address. To do that i followed this tutorial: [URL]
The problem is that I'm using a Cisco 3725 Router with IOS 12.4 (21) and a NM-16ESW module to work as a Switch and when I use the OID .1.3.6.1.2.1.17 corresponding to the BRIDGE-MIB as it follows:
From this I guess there's no information on the router about Vlans or anything. Other thing is that when I use community string indexing it returns a timeout. My theory is that this version doesn't support indexing but I don't know.
how can I get the Port Number from a MAC address from this "switch" (it's a router working as a switch) using SNMP?
I've run in to this on 3750G's in a various sized stacks. We apply port security for a mac address on a single port (not existing on more than one port - that's a different issue that appears in multiple posts already).In this case:
1) We do a 'sho mac address-table and see that the device with the mac address in question lives on one port, port 1/0/x.
2) We apply mac port security for this exact same mac address to the same port it is already attached to. switch(config)#int g2/0/2 switch(config-if)#switchport port-security mac-address 001a.1ec8.abcd
3) Get this error: 'Found duplicate mac-address 001a.1ec8.abcd'.We again confirm that that is the only port on the entire switch that has this mac-address.Try the command again, same error.
4) We do a bunch of show commands, get in and out of the switch, go back and then try it again, and now it works, same command, same port and same mac address.
-Aging is default 300 -These are Cisco wireless AP's attached to the switch -This occurs on different switches with different ports using different mac addresses, always same symptoms.
I am having a Cisco 4507 switch. The CPU on the switch is running between 50% to 60% constantly. To troubleshoot I collected some logs using debugs & show commands.
debug platform packet all receive buffer show platform cpu packet buffered debug platform packet all count show platform cpu packet statistics show processes cpu sorted | exc 0.00 show platform health show platform cpu packet statistics
show platform health output shows the below process crossing the target value.
%CPU %CPU RunTimeMax Priority Average %CPU Total Target Actual Target Actual Fg Bg 5Sec Min Hour CPU Stub-JobEventSchedul 10.00 13.41 10 47 100 500 13 13 10 5462:52 K2PortMan Review 3.00 5.35 15 11 100 500 4 4 3 1799:47
What I need to know is, though these process are running in Low Priority, will there be any issue if the CPU goes high due to these process.
Could not find a valid file in BOOT environment variable. BOOT variable can be set from IOS. To find currently setRom Monitor variables, type 'set' command.
Choosing a boot method, type 'confreg' command.rommon 1
We have recently purchased a 5Mbit line with a second ISP and will have the line activated tomorrow. In addition, we recently obtained our AS number through ARIN. How would I configure the second ISP to be used for load balancing/failover?
I have 2 3560 switches that are running 12.2(25)SEE2. Port security is enabled on some of the ports. Whenever there is a power failure, when power is restored, 1 port on each switch goes to err-disabled. The mac address that causes this is a valid address for that port. Below is the configuration on one of the ports.
We will deploy several 4507 with 2xsup7 as a L2 access switches for our office.Does LAN_Base IOS version support SSO or we need purchase IP_Base IOS (L3)?
SSH has been enabled on our one and only 4507 switch for several months and working fine. A few weeks ago the switch had to be reloaded and when it was back online I couldn't SSH to it. When I connected via the console and typed "show ip ssh" it came back saying I needed to generate the keys. Did that and it starting working again. The same switch had to turned off and on the other day due to a power down in the server room and when it came back the same thing happened again!!
The version of IOS is: cat4000-i5k91s-mz.122.20.EW
QoS design problem that I have. I have a client that is deploying new 4507 series switches with SUP6Es. The client will be running lots of voice, streaming video, and video conferencing over the LAN and want to base QoS on Cisco Media net recommendations.
I need to design a new QoS policy with focus on the above media services with basic queuing for critical data services. I have read the Media net design guide and the suggested 12-class model will be too complex to start with but I have seen references to start with a 8-class model with the ability to easily migrate to 12-class in the future. The 8-class model meets all of our requirements but I need to understand how this will work with the 4507 queuing model? [URL]
we have a core switch 4507RE at the data center and 2 departments that connect to it via 10Gig fiber using X2-LRM modules. Each department has a 3 switch stack and both locations are identical w.r.t type and setup scenario.the stack comprises of 1 x 3750E and 2 x 3750G . uplink is from X2 port tengig3/0/1 from the 3750E switch.
All of a sudden dept B started facing problem , where the ping would break and throughput comes around 6 - 7 mbps from that dept to the server behind the core switch. we also noted CRC error on both sides preodically.
we replaced the multimode fiber patch cords, re did the splicing , which stopped the CRC errors to appear.now since morning the uplink port on the 3750E (3/0/1) would suddenly be in "down" state with (err-disabled) as the status when i run sh int ten 3/0/1
and i can also see CRC errors and input errors on the same interface.. if i do shut / no shut .. the port is up and active again.. but this has happned 3 times today.the core swith side is still OK and no CRC / input / output errors are seen..
now on the 3750E i have swapped the 10gig module from 3/0/1 to 3/0/2 . the port is still up but i can see 400 CRC and 500 Input errrors.the module is also OK as i had replaced it with dept 1's module.
