Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Troubleshooting Port Security

 

Troubleshooting issues for port security on EX Series switches:

MAC Addresses That Exceed the MAC Limit or MAC Move Limit Are Not Listed in the Ethernet Switching Table

Problem

Description: You see log messages telling you that the MAC limit or MAC move limit has been exceeded, but the specific offending MAC addresses that have been exceeding the limit are not listed in the Ethernet switching table.

Solution

  1. Set the MAC limit or MAC move limit action to log.
    [edit ethernet-switching-options secure-access port]

    user@switch# set interface ge-0/0/2 mac-limit 5 action log
  2. Allow some MAC address requests to come in.
  3. View the entries in the Ethernet switching table:
    user@switch> show ethernet-switching table

Multiple DHCP Server Packets Have Been Received on Untrusted Interfaces

Problem

Description:

You see log messages that DHCP server packets were received on an untrusted interface—for example:

These messages can signal the presence of a malicious DHCP server on the network.

Solution

Configure a firewall filter to block the IP address or MAC address of the malicious DHCP server. See Configuring Firewall Filters (CLI Procedure).