Issue
Cisco switches reporting connected Sigma devices using more than one MAC Address which appear to be transmitted from the Sigma device connected to the port.
The error alarm reported "%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.b401.1e46 on port FastEthernet1/0/35"
Environment
All ARM7 Sigma Ethernet devices
- Cisco Catalyst 3550 Series Switches
- Cisco Catalyst 3560 Series Switches
- Cisco Catalyst 3560-E Series Switches
- Cisco Catalyst 3750-E Series Switches
Cause
- Sigma controllers broadcasting high number of Sigma globals (typically 40 per second). Upgrading BAS2800+ systems to Sigma can result in higher levels of Sigma global data than seen previously.
- Cisco switch set to 10Mb half duplex which mistakes the source MAC address of the Sigma global from a controller on one port with that of a controller on another port.
- Cisco switch has Layer 2 Security feature enabled, see Click Here
- High collision rates may also be seen at the switch.
Resolution
- Identify those Sigma objects that are broadcasting global data at high rates and suppress the rate of change of the Sigma object.
This can be achieved by:- Running Wire Shark Ethernet trace program to record the Sigma broadcast Ethernet packs per Ethernet sub-LAN.
- Email each of the saved capture files (per LAN) to your local product support for a global analysis report.
- If possible then increase the connection speed of the Cisco ports.
- New firmware for the ARM processors has been created to addresses the issue. You can find the firmware and release note on the Exchange
