Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
668
Views
0
Helpful
3
Replies

port disabled

BigK
Level 1
Level 1

‎02-26-2019 02:56 PM - edited ‎02-26-2019 02:56 PM

I have this issue and could not figure out why it is happening 

 

  • sho int Gi4/0/16
    GigabitEthernet4/0/16 is down, line protocol is down (err-disabled)

 

  • interface GigabitEthernet4/0/16
    switchport access vlan 20
    switchport mode access
    switchport voice vlan 50
    device-tracking
    authentication host-mode multi-domain
    authentication open
    authentication order dot1x mab
    authentication priority dot1x mab
    authentication port-control auto
    mab
    trust device cisco-phone
    dot1x pae authenticator
    dot1x timeout tx-period 10
    storm-control broadcast level 0.10
    storm-control multicast level 0.10
    auto qos voip cisco-phone
    spanning-tree portfast
    spanning-tree bpduguard enable
    service-policy input AutoQos-4.0-CiscoPhone-Input-Policy
    service-policy output AutoQos-4.0-Output-Policy

 

switch log

  • Feb 26 12:25:33.129: %PM-4-ERR_DISABLE: security-violation error detected on Gi4/0/16, putting Gi4/0/16 in err-disable state
  • Feb 26 12:25:33.133: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet4/0/16, new MAC address (9890.96c2.2eed) is seen.AuditSessionID Unassigned
  • Feb 26 12:25:34.130: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet4/0/16, changed state to down
0 Helpful
3 Replies 3

ognyan.totev
Level 5
Level 5

‎02-26-2019 09:50 PM

Hi,please shut the port than on the port type no switchport port-security and no shut the port.

0 Helpful

Mohammed al Baqari
Level 11
Level 11

‎02-26-2019 10:13 PM

Hi,

Can you try the command 'authentication mac-move permit'?

**** Please remember to rate useful posts
0 Helpful

socratesp1980
Level 1
Level 1

‎02-26-2019 10:54 PM

I had the same issue where I was doing dot1x for an endpoint where was behind an IP phone. My workaround is to add:

 

authentication violation replace

 

 

0 Helpful
Customers Also Viewed These Support Documents