09-25-2018 10:05 AM
We have dot1x/mab up and running and seem to have an odd issue that puts the port into an error state. We've set the port to auto-recover after 60s which it does and then runs for quite a while and then errors out again at different intervals.
Log shows:
%AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet0/9 new MAC address (900a.a006.2d00) is seen.AuditSessionID Unassigned
even though it's the same phone/pc on the port. The switch is an old 3560G running 15.0.10 which we are using for testing prior to putting dot1x/mab into production.
Any idea of what could be causing this to happen?
09-25-2018 10:08 AM
09-28-2018 11:48 PM
Hi,
Please check whether port security is enabled on the interface. Port security won't play well with 802.1X, as both are L2 security.
You can refer to the document below: https://community.cisco.com/t5/security-documents/top-ten-mis-configured-cisco-ios-switch-settings-for-ise/ta-p/3643912#toc-hId--1079758048
03-24-2022 07:43 AM
In a similar case I dealt with, there was a hub connected to the port. I identified 2 MACs coming from the port, the second one being dropped, because my configuration has this enabled:
authentication violation restrict
To see the MACs:
sh mac address-table interface
03-24-2022 10:55 AM
Hi,
There are 3 things you should check:
- the port is in multi-domain mode if using a PC and phone connected to the same port (authentication host-mode multi-domain)
- authentication violation replace command exists on the interface
- authentication mac-move permit command was configured (global config)
BR,
Octavian
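The checks suggested in the replies above (port security on a dot1x/MAB port, host mode, violation action, mac-move) can be run against a saved running-config. This is an added example, not part of any post in the thread; the `audit_config` function and the sample configuration are constructed for illustration, and it assumes the legacy `authentication ...` interface syntax used in this thread and only looks for the literal commands in the config text.

```python
import re

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
authentication mac-move permit
!
interface GigabitEthernet0/9
 switchport mode access
 switchport port-security
 authentication host-mode multi-auth
 authentication port-control auto
 mab
!
interface GigabitEthernet0/10
 switchport mode access
 authentication host-mode multi-domain
 authentication violation replace
 authentication port-control auto
 mab
!
interface GigabitEthernet0/11
 switchport port-security
!
"""

def audit_config(config):
    """Return (scope, finding) tuples for the settings named in the thread."""
    findings = []
    # Global commands are unindented; interface sub-commands are indented.
    if not re.search(r"^authentication mac-move permit\s*$", config, re.M):
        findings.append(("global", "authentication mac-move permit missing"))
    for m in re.finditer(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        name = m.group(1)
        lines = [l.strip() for l in m.group(2).splitlines()]
        if "authentication port-control auto" not in lines:
            continue  # not a dot1x/MAB port, nothing to check
        if "switchport port-security" in lines:
            findings.append((name, "port-security enabled alongside 802.1X"))
        if "authentication host-mode multi-domain" not in lines:
            findings.append((name, "host-mode is not multi-domain"))
        if "authentication violation replace" not in lines:
            findings.append((name, "authentication violation replace missing"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit_config(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```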