
Port-security blown on port with Cisco VOIP conference phones

skinney
Level 1

We had 2 conference rooms, both with model 7937 phones, where port-security was blown, making us think someone unplugged the phone and plugged in a different device. The alert we received showed the offending MAC address as the MAC addresses of the 7937 phones. Those MAC addresses were already registered with the 4500 switches they were plugged into, so there is no reason why port-security would be blown by the devices that were already registered on the ports. Upon further investigation, the people in both conference rooms stated the 7937 phones rang, they answered them, and then the phones went dark, which then generated the alerts that port-security was blown. These 2 events happened within an hour of each other. Has anyone seen this before or have any idea why this happened?

4 Replies

Charles Hill
VIP Alumni

If the port is still in err-disabled state, enter show interface status err-disabled and it will show you the reason for err-disabled.

 

What is the IOS?

 

The ports are no longer in err-disabled state. We received alerts from a log server that showed:

"Apr 17 07:28:03.599: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 1803.73ba.12ab on port GigabitEthernet1/0/46. (ERS-HQ-FL01-SW-01-1)"

That MAC address is the 7937 phone that was connected to that port before. We see no reason why the registered MAC address on the port would blow port-security on the port it has always been connected to.

IOS:

Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500es8-UNIVERSALK9-M), Version 03.03.01.XO RELEASE SOFTWARE (fc1)

 

Do you mind showing the port configurations of the two ports that went into err-disabled?

switchport mode access
 switchport voice vlan 139
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0004.f2e8.f1bb vlan voice
 ip device tracking maximum 0
 no snmp trap link-status
 spanning-tree portfast
 service-policy output qos
end
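
When a violation names a MAC address that is believed to be registered on the port, one check is to parse the PSECURE_VIOLATION message and compare its MAC with the sticky entries actually present in the port configuration. The following is an added example, not part of the thread: the function names are hypothetical, the log line and configuration lines are copied from the posts above, and the thread does not say which of the two ports the posted configuration belongs to.

```python
import re

# Syslog line quoted in the thread.
LOG = ('Apr 17 07:28:03.599: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation '
       'occurred, caused by MAC address 1803.73ba.12ab on port GigabitEthernet1/0/46. '
       '(ERS-HQ-FL01-SW-01-1)')
# Port-security lines of the configuration posted in the thread (no interface name given).
CONFIG = """\
switchport mode access
 switchport voice vlan 139
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0004.f2e8.f1bb vlan voice
"""

MAC = r'[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}'
VIOLATION_RE = re.compile(
    r'%PORT_SECURITY-2-PSECURE_VIOLATION: .*?MAC address (?P<mac>' + MAC +
    r') on port (?P<port>\S+?)\.(?:\s|$)', re.I)
STICKY_RE = re.compile(
    r'^\s*switchport port-security mac-address sticky (?P<mac>' + MAC +
    r')(?: vlan (?P<vlan>\S+))?\s*$', re.I | re.M)
MAX_RE = re.compile(r'^\s*switchport port-security maximum (\d+)\s*$', re.M)

def parse_violation(line):
    """Return (mac, port) from a PSECURE_VIOLATION message, or None."""
    m = VIOLATION_RE.search(line)
    return (m['mac'].lower(), m['port']) if m else None

def secured_macs(config):
    """Map each sticky MAC in the config to its VLAN keyword ('access' if none)."""
    return {m['mac'].lower(): m['vlan'] or 'access' for m in STICKY_RE.finditer(config)}

def port_maximum(config):
    """Configured port-wide maximum; IOS allows 1 secure address when none is set."""
    m = MAX_RE.search(config)
    return int(m.group(1)) if m else 1

def assess(line, config):
    """Compare the offending MAC with the addresses the config already secures."""
    parsed = parse_violation(line)
    if parsed is None:
        return None
    mac, port = parsed
    known, limit = secured_macs(config), port_maximum(config)
    return {'port': port, 'mac': mac, 'already_secured': mac in known,
            'secured': known, 'maximum': limit, 'table_full': len(known) >= limit}

if __name__ == '__main__':
    print(assess(LOG, CONFIG))
```

Run against the running configuration of the port named in the alert, `already_secured` shows whether the offending MAC is one the port has learned, and `table_full` shows whether the port has room to learn another address.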