I seem to recall a lot of conversations about this when that feature was
introduced. Another Useless Feature.
________________________________
John Marcum
MCITP, MCTS, MCSA
Desktop Architect
Bradley Arant Boult Cummings LLP
________________________________
From: [email protected] [mailto:[email protected]] On
Behalf Of Murray, Mike
Sent: Thursday, March 10, 2016 11:14 AM
To: [email protected]
Subject: [mssms] ConfigMgr wake-up proxy and port-security
FYI, got this message from one of our network guys. This involved another
campus.
~~~~~~~~~~~~~~~~~
We ran into a really "interesting" issue this week. The SCCM guys decided to
implement the SCCM "wake-proxy" feature on the SCCM. Not quite the normal
magic packet WOL procedure. This has the SCCM server hit specific machines,
which then go and hit the machines in their VLAN. However, these "manager
machines" also spoof the MAC addresses of the machines that go to sleep in
their VLAN in order to keep the MAC alive in the switch tables.
This is quite fun when you have port-security turned on that limits the number
of MAC addresses on the ports! We had random machines dropping off the
network, DHCP issues, etc. It was quite fun to chase down what exactly was
going on. The only indication that we saw was that ports were showing multiple
MAC addresses when we knew that there was only one device connected to it and
it was not running a VM. Wasn't even logged into.
Fortunately, something ticked the back of my mind about a feature they were
thinking about implementing on the SCCM and we were able to put the pieces
together. Otherwise, we would still be scratching our heads over this.
Bottom line? DO NOT implement SCCM wake-proxy with any sort of port-security
enabled. Better yet, just don't implement wake-proxy at all.
Here is a discussion we found afterwards, once we knew what to look for.
https://supportforums.cisco.com/discussion/11835361/mac-address-flapping-and-sccm-wake-proxy
I worked with ALU TAC all afternoon on this. The only weirdness that we could
see was that the packet capture showed that the computer was sending out
replies to ARP packets that were not for his MAC address.
I sent them the above link, so hopefully, they can add it to their internal
database and be prepared if they see it again.
Just letting you all know!
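
The symptom described above (a single-device port showing more than one MAC, with the extra MAC belonging to a machine elsewhere in the VLAN) can be checked for from periodic MAC-table snapshots. This is an added example, not part of the original thread; the `(seconds, port, MAC)` record format, the port names, the MAC values and the `analyze` function are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, switch port, MAC learned on that port).
# Port names and MACs are made up, not taken from the thread.
SAMPLE = [
    (0,    "1/1/5", "00:11:22:33:44:05"),  # manager machine
    (0,    "1/1/7", "00:11:22:33:44:07"),  # client, awake
    (0,    "1/1/9", "00:11:22:33:44:09"),
    (600,  "1/1/5", "00:11:22:33:44:05"),
    (600,  "1/1/5", "00:11:22:33:44:07"),  # sleeping client's MAC now on manager's port
    (600,  "1/1/9", "00:11:22:33:44:09"),
    (1200, "1/1/5", "00:11:22:33:44:05"),
    (1200, "1/1/7", "00:11:22:33:44:07"),  # client woke up, MAC returns to its port
    (1200, "1/1/9", "00:11:22:33:44:09"),
]

def analyze(observations, max_macs_per_port=1):
    """Flag ports over the MAC limit and MACs that moved between ports."""
    per_snapshot = defaultdict(set)   # (ts, port) -> MACs seen together
    history = defaultdict(list)       # mac -> [(ts, port), ...] in time order
    for ts, port, mac in sorted(observations):
        mac = mac.lower()
        per_snapshot[(ts, port)].add(mac)
        history[mac].append((ts, port))

    # Ports that would trip a port-security maximum at some snapshot.
    over_limit = defaultdict(set)
    for (_, port), macs in per_snapshot.items():
        if len(macs) > max_macs_per_port:
            over_limit[port] |= macs

    # MACs whose learned port changed between consecutive sightings.
    moved = {}
    for mac, seen in history.items():
        hops = [(t2, p1, p2) for (_, p1), (t2, p2) in zip(seen, seen[1:]) if p1 != p2]
        if hops:
            moved[mac] = hops

    # A port is a suspect if it is over the limit and a MAC moved onto it.
    suspects = sorted(p for p in over_limit
                      if any(new == p for hops in moved.values() for _, _, new in hops))
    return {"over_limit": {p: sorted(m) for p, m in over_limit.items()},
            "moved": moved, "suspects": suspects}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```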