Symptom
A port-security violation occurs on an access switch port that connects to the management interface of a C9200, triggered by a random bogus/rogue MAC address.
Conditions
Port security is configured on an access switch port, and that port is connected to the management port of a C9200.
Workaround
Configure switchport port-security maximum 2 on the affected access port, since only one bogus/rogue MAC address is seen. Note that this relaxes the control rather than removing the cause: the second slot can be taken by any MAC address, so verify with show port-security interface and show port-security address that only the expected MAC and the single rogue MAC occupy the port.
Further Problem Description
Test-1: Tried in both the customer's setup and in the CALO lab.
Topology:
C3560 (any regular port) ------------- Mgmt port C9200
The C3560 acts as the management switch in this topology.
Troubleshooting and repro notes:
The 9200 is running 17.3.5 and the 3560 is running 15.2(4)E10. The issue is seen with the latest versions as well.
The L2 switch (3560) is connected via its gig0/17 to the management interface gig0/0 of the L3 switch (9200).
Port security is applied on g0/17 of the C3560.
The port learns a random bogus MAC address and goes down due to a port-security violation.
Took a SPAN (ingress capture) of interface gig0/17.
The bogus MAC address is not visible in the capture.
Debugs show the port-security violation is due to MAC cac4.66b4.324a.
The 3560 is the management switch; multiple switches are connected in the same fashion and all are working as expected. The customer confirmed that only C9200s exhibit this issue.
We do not see any incoming packet from the 9200 with the rogue MAC address.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Test-2: Tried in both the customer's setup and in the CALO lab.
Topology:
C3850 (any regular port) ------------- Mgmt port C9200
The C3850 acts as the management switch in this topology.
Troubleshooting and repro notes:
Performed a similar test with a C3850 and a C9200.
Port security is applied to a random regular interface on the C3850.
The port on the C3850 went down due to a port-security violation, and this time we were able to trace the MAC with the help of a SPAN capture.
The violating MAC belonged to IPv6 multicast listener reports.
We did not see IPv6 multicast listener reports in the case of the C3560.
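The two tests differ in whether the violating MAC could be found in the SPAN capture and, in Test-2, in the fact that the frames carrying it were IPv6 multicast listener reports. The following Python script is an added example for this bug note, not Cisco code: given a pcap saved from the SPAN destination, it tallies traffic per source MAC in the same dotted form the port-security debugs use, flags frames that are MLD queries or reports, and states whether the MAC from the debug appears at all. Every MAC, address and frame in it is constructed for the sample; the capture format assumed is classic pcap with Ethernet link type and untagged or single-tagged frames.

```python
"""Triage a SPAN capture for a port-security violation (added example, not Cisco code)."""
import struct
from collections import Counter

# ICMPv6 types that carry Multicast Listener Discovery (RFC 2710 / RFC 3810)
MLD_TYPES = {130: "MLD query", 131: "MLDv1 report", 132: "MLD done", 143: "MLDv2 report"}


def dotted_mac(raw: bytes) -> str:
    """Render 6 bytes in Cisco dotted form (e.g. cac4.66b4.324a) to match debug output."""
    h = raw.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def classify_frame(frame: bytes):
    """Return (source MAC, description) for one Ethernet frame, or None if truncated."""
    if len(frame) < 14:
        return None
    src = frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    off = 14
    if ethertype == 0x8100 and len(frame) >= 18:      # skip a single 802.1Q tag
        ethertype = struct.unpack("!H", frame[16:18])[0]
        off = 18
    desc = f"ethertype 0x{ethertype:04x}"
    if ethertype == 0x86DD and len(frame) >= off + 40:  # IPv6 fixed header is 40 bytes
        nxt = frame[off + 6]                            # Next Header field
        payload = off + 40
        # MLD is ICMPv6 behind a Hop-by-Hop header that carries the Router Alert option
        if nxt == 0 and len(frame) >= payload + 2:
            hbh_len = (frame[payload + 1] + 1) * 8
            nxt = frame[payload]
            payload += hbh_len
        if nxt == 58 and len(frame) > payload:          # ICMPv6
            icmp_type = frame[payload]
            desc = MLD_TYPES.get(icmp_type, f"ICMPv6 type {icmp_type}")
    return dotted_mac(src), desc


def read_pcap(data: bytes):
    """Yield each captured frame from a classic (non-pcapng) pcap byte string."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        caplen = struct.unpack(endian + "IIII", data[off:off + 16])[2]  # incl_len
        off += 16
        yield data[off:off + caplen]
        off += caplen


def triage(pcap_bytes: bytes, violating_mac: str) -> dict:
    """Tally traffic per source MAC and report whether the violating MAC appears."""
    seen = {}
    for frame in read_pcap(pcap_bytes):
        result = classify_frame(frame)
        if result is None:
            continue
        src, desc = result
        seen.setdefault(src, Counter())[desc] += 1
    key = violating_mac.lower()
    return {"sources": seen, "violator_seen": key in seen,
            "violator_traffic": dict(seen.get(key, {}))}


# --- Constructed sample capture; none of this is the bug's real SPAN data --------
def _mld_report(src_mac: bytes) -> bytes:
    """Ethernet + IPv6 + Hop-by-Hop(Router Alert) + MLDv2 report (checksum left 0)."""
    hbh = bytes([58, 0, 5, 2, 0, 0, 1, 0])
    icmp = bytes([143, 0, 0, 0, 0, 0, 0, 1]) + bytes([4, 0, 0, 0]) + bytes(16)
    ip6 = (struct.pack("!IHBB", 0x60000000, len(hbh) + len(icmp), 0, 1)
           + bytes([0xFE, 0x80] + [0] * 13 + [1])      # src fe80::1
           + bytes([0xFF, 0x02] + [0] * 13 + [0x16]))  # dst ff02::16
    return bytes.fromhex("333300000016") + src_mac + b"\x86\xdd" + ip6 + hbh + icmp


def _arp_request(src_mac: bytes) -> bytes:
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + src_mac + bytes(4) + bytes(6) + bytes(4)
    return b"\xff" * 6 + src_mac + b"\x08\x06" + arp


def build_pcap(frames) -> bytes:
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)


MGMT_HOST = bytes.fromhex("0011223344aa")   # made-up expected host MAC
EXTRA_MAC = bytes.fromhex("02aabbccddee")   # made-up second MAC sending MLD reports
SAMPLE_PCAP = build_pcap([_arp_request(MGMT_HOST), _mld_report(EXTRA_MAC), _mld_report(EXTRA_MAC)])

if __name__ == "__main__":
    report = triage(SAMPLE_PCAP, "02aa.bbcc.ddee")
    for mac, kinds in report["sources"].items():
        print(mac, dict(kinds))
    print("violating MAC seen:", report["violator_seen"], report["violator_traffic"])
```

To use it on a real case, replace SAMPLE_PCAP with the bytes of the file saved from the SPAN destination and pass the MAC from the debug output. A result of violator_seen being False while the debug still names that MAC is the Test-1 situation: the address is being learned from something the ingress SPAN did not carry, so the next step is capturing on the 9200 side rather than widening the search on the 3560.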