06-17-2021 07:16 AM - edited 06-17-2021 07:17 AM
I have a Cisco 3850 access switch feeding a GS305P Netgear unmanaged switch. The GS305P has 4 Cisco IP phones connected and then the users' computers connected to Ethernet through each of the IP phones. So in theory, 4 phones + 4 PC + GS305P = 9 MAC addresses. I'm receiving the below error constantly:
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address
This is the configuration for the port on the 3850:
switchport access vlan 105
switchport mode access
switchport voice vlan 108
switchport port-security maximum 10
switchport port-security
spanning-tree portfast
I have tried "no switchport port-security" but it doesn't appear to do anything. As seen below, port security is still enabled, and the maximum MAC address only shows 3.
switch(config-if)#no switchport port-security
switch(config-if)#do show port-security int gi1/0/47
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 2 mins
Aging Type : Inactivity
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 3
Total MAC Addresses : 3
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : xxxx:xxxx:xxxx:xxxx
Security Violation Count : 1184
My goal is to either disable port security on the port, or just for the port to allow like 10 MAC addresses.
Any help is appreciated!
06-17-2021 07:32 AM
- If you want to test without port-security, you may try default int gi1/0/47 first, in the configuration, then use a 'bare' config (without psec), for instance.
M.
06-17-2021 07:45 AM
Upon defaulting and just doing access on 105 (wired) and voice on 108 (voice) and then showing port security it's still enabled and giving the violation.
interface GigabitEthernet1/0/47
switchport access vlan 105
switchport mode access
switchport voice vlan 108
end
switch(config-if)#do sho port-security int gi1/0/47
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 2 mins
Aging Type : Inactivity
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 3
Total MAC Addresses : 3
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan :xxxx.xxxx.xxxx.xxxx
Security Violation Count : 3667
06-17-2021 07:48 AM
- Very strange. What if, for instance, 100 addresses are allowed in a psec-config-situation?
M.
06-17-2021 08:08 AM
Can you post :
show port-security interface gi 1/0/47
06-17-2021 07:40 AM
I would suggest to int gi1/0/47 - make it a trunk with only the VLAN allowed. (spanning-tree portfast - to be used only when the end device is connected)
To see the issue, debug and see what is wrong; I am sure port-sec is blocking here.
As suggested, you can default the interface and configure without security and test, then add port-security.
06-17-2021 08:48 AM
I am defaulting the interface and still it is having port security enabled
switch(config-if)#default int gi1/0/47
Interface GigabitEthernet1/0/47 set to default configuration
switch(config)#do sho port-security int gi1/0/47
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 2 mins
Aging Type : Inactivity
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 3
Total MAC Addresses : 3
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 7486.0b8e.xxxx
Security Violation Count : 8669
196859: *Jun 17 15:43:21: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 7486.0b8e.4269 on port GigabitEthernet1/0/47.
196860: *Jun 17 15:43:26: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 7486.0b8e.4269 on port GigabitEthernet1/0/47.
196861: *Jun 17 15:43:32: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 7486.0b8e.4269 on port GigabitEthernet1/0/47.
196862: *Jun 17 15:43:38: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 7486.0b8e.4269 on port GigabitEthernet1/0/47.
196863: *Jun 17 15:43:43: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 7486.0b8e.4236 on port GigabitEthernet1/0/47.
06-17-2021 09:10 AM
show port-security interface gi 1/0/47
When you are connecting to another switch, I suggest not to use voice and data VLAN (and access port); use a trunk port instead.
06-18-2021 12:43 AM
Hello,
try and add all three commands below manually in interface configuration mode:
--> no switchport port-security maximum
--> no switchport port-security mac-address sticky
--> no switchport port-security
06-18-2021 09:42 AM
There has to be something I'm missing as far as why I'm unable to disable port security
switch(config-if)#default int gi1/0/47
Interface GigabitEthernet1/0/47 set to default configuration
switch(config)#do sho run int gi1/0/47
Building configuration...
Current configuration : 39 bytes
!
interface GigabitEthernet1/0/47
end
switch(config)#int gi1/0/47
switch(config-if)#no switchport port-security maximum
switch(config-if)#no switchport port-security mac-address sticky
switch(config-if)#no switchport port-security
switch(config-if)#do sho port-security int gi1/0/47
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 2 mins
Aging Type : Inactivity
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 3
Total MAC Addresses : 3
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : xxxx.xxxx.xxxx
Security Violation Count : 478
switch(config-if)#do sho run int gi1/0/47
Building configuration...
Current configuration : 39 bytes
!
interface GigabitEthernet1/0/47
end
switch(config-if)#do term mon
switch(config-if)#
210812: *Jun 18 16:37:39: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 9c7b.ef73.511d on port GigabitEthernet1/0/47.
210813: *Jun 18 16:37:54: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 9c7b.ef73.511d on port GigabitEthernet1/0/47.
06-18-2021 10:05 AM - edited 06-18-2021 10:08 AM
Post - show port-security interface gi 1/0/47
I would like to see the full show run config and show ver
06-18-2021 10:13 AM
Here is the show port-security
switch#sho port-security int gi1/0/47
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 2 mins
Aging Type : Inactivity
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 3
Total MAC Addresses : 3
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 9c7b.ef73.511d:105
Security Violation Count : 3051
I am not comfortable posting the entire show run as there's some internal information, I am willing though to post a specific section if you could tell me what you're looking for
06-18-2021 10:06 AM
>There has to be something I'm missing as far as why I'm unable to disable port security
Check the current software version being used on the 3850 too, use an advisory release, especially if the current running version is dated, check if that can help.
M.
06-18-2021 10:15 AM
This is current version, just upgraded not too long ago
Cisco IOS XE Software, Version 16.12.05b
Cisco IOS Software [Gibraltar], Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 16.12.5b, RELEASE SOFTWARE (fc3)
06-18-2021 10:51 AM
I would suggest trying the config below:
1. remove the cable connected to the other switch first
2. shutdown the port
3. clear port-security all
interface GigabitEthernet 1/0/47
switchport trunk native vlan 105 < if you like you have default vlan 1
switchport trunk allowed vlan 105,108 < allow data and voice vlan here (if you use vlan 1, add vlan 1)
switchport mode trunk
switchport nonegotiate
switchport port-security maximum 10 <-- increase if you are looking for more
switchport port-security violation restrict
switchport port-security aging time 1
switchport port-security aging type inactivity
switchport port-security
unshut the port
connect the cable and test it
Let me know how this goes.
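An added example, not part of the thread or of any Cisco tooling: a small Python script that tallies the PSECURE_VIOLATION syslog lines per port and MAC and compares them with the limits from `show port-security interface`, to show how many distinct addresses a downstream unmanaged switch is actually presenting. The sample input is constructed in the format quoted above (the MAC addresses are documentation values), and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input in the format shown in the thread.
SYSLOG = """\
196859: *Jun 17 15:43:21: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5e00.5301 on port GigabitEthernet1/0/47.
196860: *Jun 17 15:43:26: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5e00.5301 on port GigabitEthernet1/0/47.
196861: *Jun 17 15:43:32: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5e00.5302 on port GigabitEthernet1/0/47.
196862: *Jun 17 15:43:38: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/12, changed state to up
"""
SHOW_PSEC = """\
Port Security : Enabled
Violation Mode : Restrict
Maximum MAC Addresses : 3
Total MAC Addresses : 3
"""

VIOLATION = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION:.*?MAC address "
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) on port (?P<port>\S+?)\.?$",
    re.IGNORECASE,
)

def violations_by_port(syslog_text):
    """Return {port: Counter({mac: hits})} for every violation line."""
    result = defaultdict(Counter)
    for line in syslog_text.splitlines():
        m = VIOLATION.search(line.strip())
        if m:
            result[m["port"]][m["mac"].lower()] += 1
    return dict(result)

def parse_show_port_security(text):
    """Turn the 'Key : Value' lines of the show output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def estimated_maximum(show_text, rejected_macs):
    """Rough estimate: addresses already learned plus distinct rejected ones.
    Inactivity aging can rotate which addresses count as learned."""
    fields = parse_show_port_security(show_text)
    return int(fields["Total MAC Addresses"]) + len(rejected_macs)

if __name__ == "__main__":
    limit = parse_show_port_security(SHOW_PSEC)["Maximum MAC Addresses"]
    for port, macs in violations_by_port(SYSLOG).items():
        print(port, "limit", limit, "rejected", dict(macs),
              "estimated need", estimated_maximum(SHOW_PSEC, macs))
```
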