[j-nsp] EX Switches - Internet Exchange Points

Richard A Steenbergen ras at e-gerbil.net
Thu Mar 25 19:52:15 EDT 2010


On Thu, Mar 25, 2010 at 03:13:31PM -0400, Paul Stewart wrote:
> The problem I'm facing is we're tripping the port security on the exchange
> switch:
> 
> Mar 24 15:36:52.773 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security
> violation occurred, caused by MAC address 000b.45b6.f500 on port
> FastEthernet0/1.
> 
> It is obviously seeing several MAC addresses and doesn't like this. So I'm
> trying to adapt a "best practice" here based on what other folks have
> encountered along the way as we're trying our best to learn Juniper better
> ;)

The MAC address vendor database says 000b45 is Cisco, so either you have
a misconfiguration or your Juniper is leaking something it shouldn't be,
but at least it isn't generating something on its own. I'd recommend you
track down that MAC address on your network and figure out how it is
getting to the exchange, since if the Juniper is leaking things outside
of its configured vlan it is a Big Problem (tm) which needs to be fixed.

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
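
Added example, not part of the original message or of any Cisco or Juniper tooling: a small Python triage helper that pulls the offending MAC and port out of PSECURE_VIOLATION lines like the one quoted above, derives the OUI (the first three octets used for the vendor lookup), and reports every source that is not the MAC expected on that port. The expected MAC, the second log entry and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the IOS message quoted in the thread; \s+ tolerates e-mail line wrapping.
VIOLATION_RE = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION:.*?MAC\s+address\s+"
    r"([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})"
    r"\s+on\s+port\s+([A-Za-z-]+\d+(?:/\d+)*)",
    re.DOTALL,
)

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return digits

def unexpected_sources(log_text, expected):
    """Return {port: [(mac, oui), ...]} for violating MACs not expected on that port."""
    allowed = {port: {normalize_mac(m) for m in macs}
               for port, macs in expected.items()}
    found = defaultdict(set)
    for mac, port in VIOLATION_RE.findall(log_text):
        m = normalize_mac(mac)
        if m not in allowed.get(port, set()):
            found[port].add((m, m[:6]))  # OUI = first three octets
    return {port: sorted(hits) for port, hits in found.items()}

# First entry is the log from the thread (wrapped as posted);
# the second is a constructed repeat to show de-duplication.
SAMPLE_LOG = """\
Mar 24 15:36:52.773 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security
violation occurred, caused by MAC address 000b.45b6.f500 on port
FastEthernet0/1.
Mar 24 15:41:07.101 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 000b.45b6.f500 on port FastEthernet0/1.
"""

# Constructed placeholder: the single router MAC the exchange port should see.
EXPECTED = {"FastEthernet0/1": ["02:00:00:00:00:01"]}

if __name__ == "__main__":
    for port, hits in unexpected_sources(SAMPLE_LOG, EXPECTED).items():
        for mac, prefix in hits:
            print(f"{port}: unexpected source {mac} (OUI {prefix})")
```
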

