I need assistance from the collective. Here’s the issue:
We implemented Cisco Port-Security some time ago to lock down VoIP phones for e911. I believe I just found an issue with UDT and Cisco Port-Security and how MAC addresses are discovered.
Here’s a breakdown:
We have a Cisco 3650-48 PS. Some ports have port-security enabled, some don't. For a switchport with a VoIP phone and a PC and with Port-Security disabled, UDT shows both the PC and the VoIP phone. However, on the switchport that has port-security enabled, UDT only shows the PC. The port without port-security lists the MAC address as DYNAMIC while the port with port-security shows the MAC address as STATIC. A quick Cisco document confirmed this was a valid thing, so my next logical step was to remove port-security to see what Solarwinds would do.
Here are the results:
# sh run int gig 1/0/2
Description no port-security
Switchport access vlan 99
Switchport mode access
Switchport voice vlan 199
Switchport port-security maximum 2
Switchport port-security violation restrict
!
#Sh mac address-table int gig 1/0/2
Vlan Mac Address Type Ports
------- ---------------- ----- ------
99 0024.b5xx.xxxx DYNAMIC Gi1/0/2
99 1803.73xx.xxxx DYNAMIC Gi1/0/2
199 0024.b5xx.xxxx DYNAMIC Gi1/0/2
<UDT shows both MAC addresses>
# sh run int gig 1/0/7
Description port-security
Switchport access vlan 99
Switchport mode access
Switchport voice vlan 199
Switchport port-security
Switchport port-security maximum 2
Switchport port-security violation restrict
!
#Sh mac address-table int gig 1/0/2
Vlan Mac Address Type Ports
------- ---------------- ----- ------
99 1803.73xx.xxxx STATIC Gi1/0/7
199 0016.65xx.xxxx STATIC Gi1/0/7
<UDT only shows one MAC address, the PC on vlan 99. UDT will not show the other MAC address no matter what I did>
<That is until I did the following>
#config t
(config)# int gig 1/0/7
(config-if) no switchport port-security
Exit
<now the fun part>
#Sh mac address-table int gig 1/0/7
Vlan Mac Address Type Ports
------- ---------------- ----- ------
99 1803.73xx.xxxx DYNAMIC Gi1/0/7
199 0016.65xx.xxxx DYNAMIC Gi1/0/7
<Rediscovered the switch and suddenly UDT is showing both of the MAC addresses for interface Gi 1/0/7>
So here’s what I need assistance with.
A – Can someone reproduce this in your environment?
B – Can someone “in the know” please confirm if UDT only discovers DYNAMIC MAC addresses?
If both are a yes, then an enhancement request needs to be made that allows UDT to discover both STATIC and DYNAMIC MAC addresses. And if that’s not possible and a bad idea, please explain why.
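
One way to run the same comparison across more ports than the two above, as an added example that is not part of the original post: parse saved `show mac address-table` output and list the entries, with their type, that a monitoring tool's per-port report lacks. The `REPORTED` mapping is a constructed stand-in for a UDT export (its format is an assumption), and the regex accepts `x` only because the MACs in the post are masked.

```python
import re
from collections import defaultdict

# Constructed sample: the rows from the post's two outputs, MACs masked as posted.
SWITCH_OUTPUT = """\
Vlan Mac Address Type Ports
------- ---------------- ----- ------
99 0024.b5xx.xxxx DYNAMIC Gi1/0/2
99 1803.73xx.xxxx DYNAMIC Gi1/0/2
199 0024.b5xx.xxxx DYNAMIC Gi1/0/2
99 1803.73xx.xxxx STATIC Gi1/0/7
199 0016.65xx.xxxx STATIC Gi1/0/7
"""

# Constructed stand-in for what the monitoring tool lists per port
# (hypothetical format; values follow the post's description).
REPORTED = {
    "Gi1/0/2": {"0024.b5xx.xxxx", "1803.73xx.xxxx"},
    "Gi1/0/7": {"1803.73xx.xxxx"},
}

# vlan, dotted MAC, entry type, port. 'x' is allowed only for masked samples.
ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-fx]{4}\.){2}[0-9a-fx]{4})\s+(STATIC|DYNAMIC)\s+(\S+)\s*$",
    re.IGNORECASE,
)

def parse_mac_table(text):
    """Return {port: [(vlan, mac, type), ...]}, skipping header and separator lines."""
    ports = defaultdict(list)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            ports[port].append((int(vlan), mac.lower(), kind.upper()))
    return dict(ports)

def missing_from_report(ports, reported):
    """Return {port: [(vlan, mac, type), ...]} for switch entries the report lacks."""
    gaps = {}
    for port, entries in ports.items():
        seen = {m.lower() for m in reported.get(port, set())}
        lost = [e for e in entries if e[1] not in seen]
        if lost:
            gaps[port] = lost
    return gaps

if __name__ == "__main__":
    for port, lost in missing_from_report(parse_mac_table(SWITCH_OUTPUT), REPORTED).items():
        for vlan, mac, kind in lost:
            print(f"{port}: vlan {vlan} {mac} ({kind}) is on the switch but not in the report")
```

Printing the entry type next to each gap shows whether the missing MACs are consistently STATIC or a mix of types.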