APC UPS Data Center & Enterprise Solutions Forum
Schneider, APC support forum to share knowledge about installation and configuration for Data Center and Business Power UPSs, Accessories, Software, Services.
Posted: 2021-07-08 12:03 AM . Last Modified: 2024-02-29 11:36 PM
Hi Everyone,
I am wondering if anyone else has had this issue -
We have got Cisco switch infrastructure with port security on them. Port Security is a Cisco port config that captures a MAC address once the device is plugged in and saves it in a list so that no other device can be plugged in there. If a new MAC address is seen on this port, the port will be disabled. A sys admin will then have to manually enable the port.
Now, we are using various UPSs with an AP9617 card in that has been configured with a static IP for monitoring.
For some unknown reason, all the switches that have 'Port Security' on and an AP9617 plugged in are getting disabled every day. I then have to manually enable them to monitor the UPS again.
This only started happening once we had 'Port Security' enabled. This happens more or less every day/every night on various switches. I have tried changing speed and duplex settings on the switches - no joy.
This is so annoying and not normal. Any ideas?
Regards,
Sheikh
Posted: 2021-07-08 12:03 AM . Last Modified: 2024-02-29 11:36 PM
I haven't heard anyone mention this in relation to APC devices. Does the switch store any type of log as to when the port was disabled and why - like does it keep a record of what MAC address was supposedly seen? I imagine the answer may be no or else you would've mentioned it.
Posted: 2021-07-08 12:03 AM . Last Modified: 2024-02-29 11:36 PM
Hi Angela,
I have not looked in the logs yet. However, I am sure this is gonna happen again and I will have a look at the log as soon as it happens. Will post it straight away.
Regards,
Sheikh
Posted: 2021-07-08 12:03 AM . Last Modified: 2024-02-29 11:36 PM
Hi,
Had a look at the logs... the port saw a different MAC address (?) and went into err-disable mode.
Any ideas why this would happen?
Do these cards change MAC address randomly for some reason?
Regards,
Sheikh
Posted: 2021-07-08 12:03 AM . Last Modified: 2024-02-29 11:36 PM
It's not designed to change MAC addresses; however, it would not surprise me if a packet got out with a different MAC address. If this is happening once a day, I'd leave Wireshark running for the day. While the AP9617 is no longer sold and isn't receiving updates, perhaps the other MAC address is predictable and can be added to the list, or perhaps Wireshark will implicate a specific network protocol that can be disabled.
As an end-user, I wish Cisco had never invented port security. Maybe the NMC needs a nice sleep proxy server...
Posted: 2021-07-08 12:03 AM . Last Modified: 2024-02-29 11:36 PM
Does it show you what MAC address it saw? Just curious if it started with APC's vendor code 00 C0 B7 or if it is something totally different.
Posted: 2021-07-08 12:03 AM . Last Modified: 2024-02-29 11:36 PM
I should have made a note of that MAC address when I looked at it last time... I have 2 more that happened yesterday night but I have only looked at it now. So, the switch log has filled up with port ups and downs.
I will keep an eye on these and see if I can get the MAC address.
Cheers for everyone's input here.
Posted: 2021-07-08 12:03 AM . Last Modified: 2024-02-29 11:36 PM
Right, here is the MAC that caused the err-disable state - 0022.bd34.5400 belongs to Cisco Systems. :)
This MAC belongs to the router, as in our core switch. So, for some reason these cards are spoofing the MAC address of the default gateway (?)
Any ideas guys?
Posted: 2021-07-08 12:03 AM . Last Modified: 2024-02-29 11:36 PM
In that case, because:
- The NMC has no built-in knowledge of Cisco's MAC and
- The MAC belongs to the router and will be on all packets coming from outside of the subnet
I suspect if you use Wireshark, you'll find that a received packet got retransmitted.
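One way to test the retransmission theory from the last reply against a day-long capture, as an added example that is not part of the original thread or any APC or Cisco tooling. It assumes the capture covers both directions of the NMC's access port and has been exported as (timestamp, raw Ethernet frame) pairs; the NMC address `00c0.b700.0001` and the sample frames are constructed, and only the router MAC and the APC vendor prefix come from the thread.

```python
import struct

def parse_mac(text: str) -> bytes:
    """Accept 0022.bd34.5400, 00:22:bd:34:54:00 or '00 C0 B7 ...' notation."""
    digits = "".join(c for c in text if c in "0123456789abcdefABCDEF")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {text!r}")
    return bytes.fromhex(digits)

def cisco_mac(raw: bytes) -> str:
    """Format 6 raw bytes the way the switch log prints them (xxxx.xxxx.xxxx)."""
    h = raw.hex()
    return ".".join(h[i:i + 4] for i in (0, 4, 8))

def find_reflected(frames, nmc_mac: str, window: float = 1.0):
    """Report byte-identical frames seen again within `window` seconds whose
    source MAC is not the NMC's own. On a capture of both directions of the
    port, that is what a received frame being sent back out looks like.
    Periodic identical broadcasts can also match, so check each hit by hand."""
    nmc = parse_mac(nmc_mac)
    last_seen = {}  # frame bytes -> timestamp of the previous sighting
    hits = []
    for ts, frame in frames:
        if len(frame) < 14:  # shorter than an Ethernet header
            continue
        dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
        prev = last_seen.get(frame)
        if src != nmc and prev is not None and ts - prev <= window:
            hits.append({"src": cisco_mac(src), "dst": cisco_mac(dst),
                         "ethertype": f"0x{ethertype:04x}",
                         "gap": round(ts - prev, 6)})
        last_seen[frame] = ts
    return hits

def eth(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build a minimal Ethernet frame for the constructed sample below."""
    return dst + src + struct.pack("!H", ethertype) + payload

ROUTER = parse_mac("0022.bd34.5400")  # MAC reported in the thread
NMC = parse_mac("00c0.b700.0001")     # constructed, APC prefix 00 C0 B7
SAMPLE = [  # constructed capture, not real traffic
    (0.000, eth(NMC, ROUTER, 0x0800, b"poll-1")),
    (0.002, eth(ROUTER, NMC, 0x0800, b"reply-1")),
    (5.000, eth(NMC, ROUTER, 0x0800, b"poll-2")),
    (5.001, eth(NMC, ROUTER, 0x0800, b"poll-2")),  # same frame seen again
    (5.003, eth(ROUTER, NMC, 0x0800, b"reply-2")),
]

if __name__ == "__main__":
    for hit in find_reflected(SAMPLE, "00c0.b700.0001"):
        print(hit)
```

The `src` value is printed in the same dotted notation as the switch log, so a hit can be compared directly with the address recorded for the err-disable event.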