Cisco 9200 err-disable AUTHMGR-5-SECURITY_VIOLATION

117222400 (Level 1)

Hi Expert,

Recently, one port on our 9200 switch went to err-disable state and the status LEDs are all off.

The port configuration is as below; it is connected to a desktop PC:

[screenshot: 117222400_0-1728434470316.png]

The logs are as below. It looks like before it went to err-disable state, the port went up and down many times; it seems the user was rebooting the machine.

[screenshot: 117222400_0-1728441925852.png]

During the error, I checked the controller:

[screenshot: 117222400_3-1728434665278.png]

[screenshot: 117222400_4-1728434718331.png]

[screenshot: 117222400_5-1728434751371.png]

[screenshot: 117222400_7-1728434848657.png]

The machine authentication in ISE gets no response:

[screenshot: 117222400_0-1728436119355.png]

I just found this link, which seems to be the same issue, but I am not sure why the PC's MAC changed:

https://github.com/inverse-inc/packetfence/issues/1588

It has occurred a second time, and can be resolved by shutdown/no shutdown to reset the port.

But we still need to find out the root cause. Any ideas about it?

Thanks

16 Replies

Wow - I hope it's not a bug - I guess one way to find out is to reboot the switch and then observe - if it's a slow memory leak then you might not see this issue for a while. To be honest, I have never seen an err-disable on any of my NAC deployments, because I only use host mode "multi-auth". The only time I have seen err-disable in NAC deployments was in the lab when I configured host mode multi-domain and then provoked the switch to cause the issue.

If you're 100% sure you have configured multi-auth, then you should NOT ever encounter err-disable. Unless there is some other funky thing I didn't know about port security. Have you opened a TAC case?
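To make the host-mode point in the reply above concrete, here is an added configuration example; it is not the poster's configuration (the screenshots in the thread are not reproduced here) and not from the reply's author. The interface name, the use of both dot1x and MAB, and the recovery interval are assumptions. It shows the setting under which a second MAC on the port raises AUTHMGR-5-SECURITY_VIOLATION and err-disables the interface, beside the multi-auth setting the reply recommends, plus the errdisable recovery and show commands a defender would use while the root cause is still open.

```cisco
! --- Setting that can produce the symptom in this thread ---
! multi-domain permits exactly one data MAC and one voice MAC. A second data
! MAC appearing on the port (the linked PacketFence issue describes a PC whose
! MAC changed) is logged as %AUTHMGR-5-SECURITY_VIOLATION and, with the default
! violation action "shutdown", the port goes err-disabled.
interface GigabitEthernet1/0/1          ! assumed interface name
 switchport mode access
 authentication host-mode multi-domain
 authentication port-control auto
 dot1x pae authenticator
 mab
!
! --- Setting recommended in the reply above ---
! multi-auth authenticates every MAC on the port independently, so a new MAC
! starts a new session instead of counting as a violation.
interface GigabitEthernet1/0/1
 switchport mode access
 authentication host-mode multi-auth
 authentication port-control auto
 dot1x pae authenticator
 mab
!
! --- Optional: keep the port up on a violation rather than shutting it ---
! "restrict" logs and drops the new MAC; "replace" tears down the existing
! session and authenticates the new MAC (useful when a host legitimately
! changes address). Both keep the port out of err-disable.
interface GigabitEthernet1/0/1
 authentication violation restrict
!
! --- Optional: automatic recovery instead of manual shut / no shut ---
errdisable recovery cause security-violation
errdisable recovery interval 300        ! seconds; assumed value
!
! --- Verification while the TAC case is open ---
show errdisable recovery
show interfaces status err-disabled
show authentication sessions interface GigabitEthernet1/0/1 details
show logging | include AUTHMGR-5-SECURITY_VIOLATION
```

Changing the host mode or violation action removes the err-disable symptom, not the reason a second MAC is appearing on a port that should carry one desktop; the `show logging` and `show authentication sessions` output are what to compare against the ISE live log to see which MAC the switch actually saw.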

Thanks for your reply. We've opened a case with TAC, and they collected some packets on the port.

We also changed the data port on the user's desk and the network cable that connects to the user's PC, and the issue hasn't occurred for a week now. Not sure if it is a cable or patch panel issue.