cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

79
Views
0
Helpful
3
Replies
Beginner

port disabled

I have this issue and could not figure out why it is happening 

 

  • sho int Gi4/0/16
    GigabitEthernet4/0/16 is down, line protocol is down (err-disabled)

 

  • interface GigabitEthernet4/0/16
    switchport access vlan 20
    switchport mode access
    switchport voice vlan 50
    device-tracking
    authentication host-mode multi-domain
    authentication open
    authentication order dot1x mab
    authentication priority dot1x mab
    authentication port-control auto
    mab
    trust device cisco-phone
    dot1x pae authenticator
    dot1x timeout tx-period 10
    storm-control broadcast level 0.10
    storm-control multicast level 0.10
    auto qos voip cisco-phone
    spanning-tree portfast
    spanning-tree bpduguard enable
    service-policy input AutoQos-4.0-CiscoPhone-Input-Policy
    service-policy output AutoQos-4.0-Output-Policy

 

switch log

  • Feb 26 12:25:33.129: %PM-4-ERR_DISABLE: security-violation error detected on Gi4/0/16, putting Gi4/0/16 in err-disable state
  • Feb 26 12:25:33.133: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet4/0/16, new MAC address (9890.96c2.2eed) is seen.AuditSessionID Unassigned
  • Feb 26 12:25:34.130: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet4/0/16, changed state to down
3 REPLIES 3
Contributor

Re: port disabled

Hi,please shut the port than on the port type no switchport port-security and no shut the port.

VIP Advisor

Re: port disabled

Hi,

Can you try the command 'authentication mac-move permit'?

**** Please remember to rate useful posts
Highlighted
Beginner

Re: port disabled

I had the same issue where I was doing dot1x for an endpoint where was behind an IP phone. My workaround is to add:

 

authentication violation replace