1832984
Members
2718
Online
110048
Solutions
Hi!
The task of unpatching a PC generally involves to just unpatch a single physical link to (the first) Switch the host is connected to...and it generally also means that no BAGG (aggregated ports) is involved...at least if you're pretty sure that that host is single linked to your network (single linked = 1 NIC port used on the host).
Here I exclude the corner case - totally possible - that you are dealing with a BAGG switch side working with just one downlink to the host where that very host is not really set to work with any bonded interfaces it eventually owns (it is a rare corner case but it is also a possible scenario --> it requires a special configuration - the lacp edge-port trick - switch side and it requires probably an unconfigured/misconfigured host on the access side).
Long story short 1 cable from host should mean 1 access interface switch side (not an aggregation interface).
That's to say that it's pretty strange to see the IP/MAC binding to interface linking you to a BAGG interface. Are you sure?
Maybe the switch you believe the host is connected to is not the one you have checked...and so the MAC is seen throught the BAGG to that very switch.
I'm not an HPE Employee
The task of unpatching a PC generally involves to just unpatch a single physical link to (the first) Switch the host is connected to...and it generally also means that no BAGG (aggregated ports) is involved...at least if you're pretty sure that that host is single linked to your network (single linked = 1 NIC port used on the host).
Here I exclude the corner case - totally possible - that you are dealing with a BAGG switch side working with just one downlink to the host where that very host is not really set to work with any bonded interfaces it eventually owns (it is a rare corner case but it is also a possible scenario --> it requires a special configuration - the lacp edge-port trick - switch side and it requires probably an unconfigured/misconfigured host on the access side).
Long story short 1 cable from host should mean 1 access interface switch side (not an aggregation interface).
That's to say that it's pretty strange to see the IP/MAC binding to interface linking you to a BAGG interface. Are you sure?
Maybe the switch you believe the host is connected to is not the one you have checked...and so the MAC is seen throught the BAGG to that very switch.
I'm not an HPE Employee
Hi @Keverso, we're here to help you.
Physically eliminating a cable's termination by cutting its known end is a little bit drastic in my opinion...and if it solves your main purpose (to secure an unsupervised zone) it also leave you with a network in an unknown state (what-is-connected-where-and-how).
Your BAGG (Bridge AGgregation Group) details show you that you're dealing with an IRF made of two member switches (where you executed the display command) which use four of its interfaces (1/2/0/7+1/2/0/8+2/2/0/7+2/2/0/8) to connect to another switch...this peer - still unknown - switch is probably the one your host is directly connected to and the logical interface bagg4 on the IRF is the interface through which your core (which, at this point, is your IRF virtual switch by doing routing) recognizes the IP you looked for (IP/MAC binding) for that host.
I'm not an HPE Employee
Physically eliminating a cable's termination by cutting its known end is a little bit drastic in my opinion...and if it solves your main purpose (to secure an unsupervised zone) it also leave you with a network in an unknown state (what-is-connected-where-and-how).
Your BAGG (Bridge AGgregation Group) details show you that you're dealing with an IRF made of two member switches (where you executed the display command) which use four of its interfaces (1/2/0/7+1/2/0/8+2/2/0/7+2/2/0/8) to connect to another switch...this peer - still unknown - switch is probably the one your host is directly connected to and the logical interface bagg4 on the IRF is the interface through which your core (which, at this point, is your IRF virtual switch by doing routing) recognizes the IP you looked for (IP/MAC binding) for that host.
I'm not an HPE Employee