Re: MAC Aging Time Behavior

From: Carlos G Mendioroz <tron_at_huapi.ba.ar>
Date: Mon, 08 Aug 2011 21:07:20 -0300

I would look for any CDP message happening when the PC port goes down.
Maybe some Cisco black magic :)
(You will need a hub to test this, though. You still have one, right? :)

-Carlos

Joe Astorino @ 08/08/2011 15:21 -0300 wrote:
> I am working on a port-security deployment and noticed something interesting
> to me. I was wondering if anybody else has seen this or can explain this
> particular situation. In this particular environment, we have IP phones
> directly connected to Cisco 3750-x access-layer ports. PCs are then plugged
> into the phones. I am using dynamic secure address learning with the below
> configuration:
>
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security maximum 1 vlan voice
> switchport port-security
> switchport port-security aging time 5
> switchport port-security aging type inactivity
>
> My original thought was to configure an aging time of 5 minutes of
> inactivity because aging is disabled by default (set to 0). The
> documentation seems to indicate that without setting an aging time,
> dynamically learned addresses will simply never age out. That all makes
> sense.
>
> Here is the interesting part to me -- If I unplug the PC from the downstream
> phone, the dynamically learned secure MAC address is immediately aged out on
> the switch. Also, the MAC address is aged out of the MAC address table
> immediately. I am wondering, how does this happen when the device being
> disconnected is downstream of another "switch"? When I disconnect the PC
> from the switch port of the phone, does the phone in fact "signal" to the
> upstream switch somehow? If so, how does this happen? I can't find
> anything that explains that.
>
> One thought I had was STP TCN, but I am running RSTP on the switch and edge
> ports transitioning to down do not count as changes in RSTP. My only other
> thought is some sort of magic in CDP but I can't find anything that says
> that.
>
> Thanks guys for any feedback!
>
>

-- 
Carlos G Mendioroz  <tron_at_huapi.ba.ar>  LW7 EQI  Argentina
Received on Mon Aug 08 2011 - 21:07:20 ART
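
Added example, not part of the original thread and not Cisco code: one way to run the check suggested above is to capture frames on the phone's uplink before and after unplugging the PC, then compare which CDP TLV types appear. The frames below are constructed samples, and TLV type 0xFFFF is a made-up placeholder rather than a real CDP type; only the well-known type names are listed.

```python
import struct

CDP_DST = bytes.fromhex("01000ccccccc")       # Cisco multicast address used by CDP
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")  # LLC/SNAP: OUI 00:00:0c, protocol 0x2000
# Well-known CDP TLV types; anything else is reported by number only.
TLV_NAMES = {1: "Device-ID", 2: "Addresses", 3: "Port-ID",
             4: "Capabilities", 5: "Software-Version", 6: "Platform"}

def parse_cdp(frame):
    """Return [(type, value), ...] for a CDP frame, or None if it is not CDP."""
    if len(frame) < 26 or frame[0:6] != CDP_DST or frame[14:22] != CDP_SNAP:
        return None
    tlvs, off = [], 26  # 14 Ethernet + 8 LLC/SNAP + 4 CDP header (version, TTL, checksum)
    while off + 4 <= len(frame):
        tlv_type, length = struct.unpack_from("!HH", frame, off)
        if length < 4 or off + length > len(frame):
            break  # malformed or truncated TLV: stop instead of reading past the end
        tlvs.append((tlv_type, frame[off + 4:off + length]))
        off += length  # TLV length field covers its own 4-byte header
    return tlvs

def new_tlv_types(baseline, candidate):
    """TLV types present in the candidate frame but absent from the baseline."""
    return sorted({t for t, _ in candidate} - {t for t, _ in baseline})

def build_frame(tlvs):
    """Build a constructed 802.3 CDP frame for offline testing (checksum left zero)."""
    body = b"".join(struct.pack("!HH", t, len(v) + 4) + v for t, v in tlvs)
    cdp = bytes([2, 180]) + b"\x00\x00" + body  # version 2, TTL 180 s
    payload = CDP_SNAP + cdp
    return CDP_DST + bytes.fromhex("020000000001") + struct.pack("!H", len(payload)) + payload

# Constructed samples: same sender, second frame carries one extra placeholder TLV.
BEFORE = build_frame([(1, b"phone-constructed"), (3, b"Port 1")])
AFTER = build_frame([(1, b"phone-constructed"), (3, b"Port 1"), (0xFFFF, b"\x01")])

if __name__ == "__main__":
    for t in new_tlv_types(parse_cdp(BEFORE), parse_cdp(AFTER)):
        print("new TLV type 0x%04x (%s)" % (t, TLV_NAMES.get(t, "unnamed here")))
```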