[j-nsp] EX Switches - Internet Exchange Points
Jonathan Lassoff
jof at thejof.com
Thu Mar 25 20:00:29 EDT 2010
Excerpts from Richard A Steenbergen's message of Thu Mar 25 16:52:15 -0700 2010:
> On Thu, Mar 25, 2010 at 03:13:31PM -0400, Paul Stewart wrote:
> > The problem I'm facing we're tripping the port security on the exchange
> > switch:
> >
> > Mar 24 15:36:52.773 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security
> > violation occurred, caused by MAC address 000b.45b6.f500 on port
> > FastEthernet0/1.
> >
> > It is obviously seeing several MAC addresses and doesn't like this. so I'm
> > trying to adapt a "best practice" here based on what other folks have
> > encountered along the way as we're trying our best to learn Juniper better
> > ;)
>
> The MAC address vendor database says 000b45 is Cisco, so either you have
> a misconfiguration or your Juniper is leaking something it shouldn't be,
> but at least is isn't generating something on its own. I'd recommend you
> track down that MAC address on your network and figure out how it is
> getting to the exchange, since if the Juniper is leaking things outside
> of its configured vlan it is a Big Problem (tm) which needs to be fixed.
>From the original post, it sounds like Paul was using a Cisco as the
router and just using his EX switch as an L2 device to connect the two,
in which case, the Cisco OUI seems expected.
--j
More information about the juniper-nsp
mailing list