Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC

I've been directed to engage MAC locking on my campus. It has not been difficult to do. I have a question about a MAC violation, though.

We're using syslog, which reports MAC violations nicely. But what it reports is that a MAC address caused a violation on a particular port at a particular time. What I can't seem to see is how do I know if that violating MAC is still connected? If the statically locked host is back on that port, that's easy enough to see with NetSight Compass. But, back to the problem of a MAC address that is not locked to a port: Compass has no knowledge of the attached MAC if it is not allowed in on a port. There's no point in doing a Compass search for it; it can't be found.

In one scenario, I have two MAC violations from the same MAC on the same switch, separated by four days. That address first showed up on one port, then four days later, on another. Right now, the first port has no link light, so there is nothing connected to it. But the second port does have a link light, although Compass reports no host on that port. I suspect that violating MAC is sitting on that second port.

How can I know what MAC is connected without letting that host into the network? Is it good practice to temporarily put that port into the discard VLAN, then set the number of max first arrival addresses to something other than zero to let him connect? I'd be able to identify it then, I think.

Jesse W. Ohlsson
Engineer, Information Systems Administration
NCSA Sector Mons, Customer Services Squadron
B7010 SHAPE Belgium
tel: +32-65-44-8518; NCN 254-8518
