Cisco 3550 Port Security
Paule123
Member Posts: 26 ■□□□□□□□□□
in CCNA & CCENT
Hi,
Not sure where to post this one really...
We have two Cisco 3550 switches connecting upto 10 servers each an HP server with dual NICs in teamed configuration.
The servers are running Server 2003 Standard 32bit and Enterprise 64 bit.
The strange thing is both are configured identically BUT the port security enabled switch ports on any 64bit / Enterrise server go into error disabled state - but only one of them (the standby interface). On the standard boxes or 32bit they work perfectly.
Trying to narrow this down to whether its the switch or server config causing the problem. Increased the maximum MAC Addresses allowed per port to 2 today but this still results inthe same error disabled state on the switch port.
Really confused any advice apprectiated
Not sure where to post this one really...
We have two Cisco 3550 switches connecting upto 10 servers each an HP server with dual NICs in teamed configuration.
The servers are running Server 2003 Standard 32bit and Enterprise 64 bit.
The strange thing is both are configured identically BUT the port security enabled switch ports on any 64bit / Enterrise server go into error disabled state - but only one of them (the standby interface). On the standard boxes or 32bit they work perfectly.
Trying to narrow this down to whether its the switch or server config causing the problem. Increased the maximum MAC Addresses allowed per port to 2 today but this still results inthe same error disabled state on the switch port.
Really confused any advice apprectiated
Comments
-
Bert McGert
Member Posts: 122
Sounds like you should look at the difference in number of mac addresses logged by the switchports for the two different types of servers. That'd give you the max addresses you'd need to configure for the different types. -
xwesleyxwillisx
Member Posts: 158
I 2nd Bert's intuition... Do a 'show mac address-table interface' command to see what MAC's are being learned on the interfaces...
Also, what kind of team is it? Is it fault-tolerance only or is there any load balancing being done? This will make a difference, the switch won't like the same MAC address on more than 1 interface (loop)...
Good luck -
Paule123
Member Posts: 26 ■□□□□□□□□□
Hi guys thanks for the suggestions.
All the teamed nics were originally in "Fault tolerance with preference order" mode but we tried a few different options and have left one or two in "auto" to see if this helps.
This has been bugging me so i've spent some time on google, on the HP Server the team is supposed to consist of 3 MAC address:
Primary NIC
Secondary NIC
Virtual NIC (Team)
Looking at the server the HP software is allocating the Primary NICs MAC to that physical card plus the Teamed (virtual NIC) - is this where its causing the problem?
The blurb on the net seems to suggest you should have 3 distinct MACs but this isnt the case on any of the HP boxes. Some of the other google results suggested etherchannels for the teamed nic connections but I cant see why you would need this effectively running a failover config.
I can't get into the switch from here but will run the commands in teh morning to see what is happening. WHen i left this evening a "show port-security interface" was showing two MACs on the primary connection and i couldnt run it quickly enough on the secondary before it fell over.
Thanks again
Paul