Issue
Cisco switches are reporting connected Sigma devices using more than one MAC address. This results in error alarms such as:
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.b401.1e46 on port FastEthernet1/0/35
Product Line
Satchwell BAS & Sigma
Environment
- All ARM7 Sigma Ethernet devices
- Cisco Catalyst 3550 Series Switches
- Cisco Catalyst 3560 Series Switches
- Cisco Catalyst 3560-E Series Switches
- Cisco Catalyst 3750-E Series Switches
Cause
- Sigma controllers are broadcasting a high volume of Sigma global data (typically ~40 broadcasts/sec).
- Upgrading BAS2800+ systems to Sigma increases the volume of global data.
- Cisco switches set to 10Mb half duplex may misinterpret the source MAC address of Sigma globals, causing cross-port MAC confusion.
- Layer 2 Security features on Cisco switches may trigger violations.
- High collision rates may also be observed on affected switch ports.
Resolution
- Identify High-Rate Sigma Objects:
  - Use Wireshark to trace Ethernet traffic and identify Sigma objects broadcasting at high rates.
  - Capture traffic per Ethernet sub-LAN.
- Submit for Analysis:
  - Email the capture files to your local product support team for a global analysis report.
- Optimize Network Configuration:
  - If feasible, increase the port connection speed on Cisco switches.
  - Avoid using 10Mb half duplex settings.
- Firmware Update:
  - New firmware for ARM processors has been released to address this issue.
  - Refer to the Exchange for firmware and release notes.
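
For the "Identify High-Rate Sigma Objects" step, the following added example (not part of the original article or any vendor tooling) ranks source MAC addresses by Ethernet broadcast rate from a tshark field export. It assumes Sigma global data appears as frames sent to the Ethernet broadcast address, since the article gives no Sigma-specific capture filter; the file name `capture.pcapng` and the sample MAC addresses are constructed placeholders.

```python
# Input is produced from a Wireshark capture with (file name is a placeholder):
#   tshark -r capture.pcapng -T fields -E separator=, \
#          -e frame.time_epoch -e eth.src -e eth.dst > frames.csv
import csv
import io
from collections import Counter, defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"  # assumption: globals are sent to Ethernet broadcast

def parse_export(text):
    """Return well-formed (epoch, eth_src, eth_dst) rows from the CSV export."""
    return [row for row in csv.reader(io.StringIO(text)) if len(row) == 3]

def broadcast_rates(rows):
    """Return [(src_mac, total, avg_per_sec, peak_per_sec)], busiest first."""
    per_second = defaultdict(Counter)  # src MAC -> {whole second -> frame count}
    first = last = None
    for ts, src, dst in rows:
        t = float(ts)
        first = t if first is None else min(first, t)
        last = t if last is None else max(last, t)
        if dst.lower() == BROADCAST:
            per_second[src.lower()][int(t)] += 1
    if first is None:
        return []
    duration = max(last - first, 1.0)  # avoid inflating rates on very short captures
    report = []
    for src, buckets in per_second.items():
        total = sum(buckets.values())
        report.append((src, total, round(total / duration, 2), max(buckets.values())))
    return sorted(report, key=lambda r: (-r[1], r[0]))

def constructed_sample():
    """Constructed test data: one busy broadcaster, one quiet one, one unicast frame."""
    lines = [f"{1000 + i / 30:.4f},02:00:00:00:00:0a,{BROADCAST}" for i in range(60)]
    lines += [f"{1000 + i / 5:.4f},02:00:00:00:00:0b,{BROADCAST}" for i in range(10)]
    lines.append("1001.5000,02:00:00:00:00:0b,02:00:00:00:00:0a")  # unicast, not counted
    return "\n".join(lines)

if __name__ == "__main__":
    for src, total, avg, peak in broadcast_rates(parse_export(constructed_sample())):
        print(f"{src}  total={total}  avg/s={avg}  peak/s={peak}")
```

Run it once per sub-LAN capture and compare the peak figures against the ~40 broadcasts/sec the Cause section cites as typical.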