Core issue
The message looks similar to this:
%SECURITY-1-PORTSHUTDOWN: Port [dec]/[dec] shutdown due to [chars]
This message indicates that a port has been shut down due to an insecure host sourcing a packet into that port. [dec]/[dec] is the module number/port number of the port that has shut down, and [chars] can be either a security violation or no space in the forwarding engine lookup table.
In other words, when a host sends an insecure source address packet to a secured switching port, the port shuts down.
A security violation occurs if the maximum number of secure MAC addresses have been added to the address table and a workstation whose MAC address is not in the address table attempts to access the interface.
You can set the port for these two modes in order to handle a security violation:
In some scenarios, this is due to static MAC assigned to switch conflicting with port security dynamic MAC.
Resolution
The resolution is to check why the host is sourcing a packet into that port. You can change the security violation mode with the set port security command. violation {shutdown | restrict}
In order to display the status of the port that has experienced a security violation, use the show port security command.
When the issue is due to static MAC, then remove static MAC assigned on other port.
Since the addresses are manually configured or auto-configured, they are stored in non-volatile RAM (NVRAM) and maintained after a reset, use the clear port security command in order to clear MAC addresses from a list of secure addresses on a port.
Note: If the clear command is executed on a MAC address that is in use, that MAC address is learned and made secure again. For this reason, it is recommend that you disable port security before you clear MAC addresses.
As a workaround, you can also upgrade the CatOS to the latest release, which can be downloaded from Cisco Downloads.
