Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11177
Views
13
Helpful
4
Replies

%AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet0/9 new MAC address (900a.a006.2d00) is seen.AuditSessionID Unassigned

louis0001
Level 3
Level 3

‎09-25-2018 10:05 AM

We have dot1x/mab up and running and seem to have an odd issue that puts the port into an error state. We've set the port to auto-recover after 60s which it does and then runs for quite a while and then errors out again at different intervals.

Log shows:

%AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet0/9  new MAC address (900a.a006.2d00) is seen.AuditSessionID  Unassigned


even though it's the same phone/pc on the port. The switch is an old 3560G running 15.0.10 which we are using for testing prior to putting dot1x/mab into production.

Any idea of what could be causing this to happen?

3 people had this problem
Labels:
0 Helpful
4 Replies 4

Timothy Abbott
Cisco Employee
Cisco Employee

‎09-25-2018 10:08 AM

Please reference our universal switch configuration guide and compare it to your test switch. If you configuration is similar and you still run into issues, please contact the TAC to troubleshoot further.

Regards,
Tim
0 Helpful

Aravind Ravichandran
Level 3
Level 3

‎09-28-2018 11:48 PM

Hi,

Please check port security is enabled on the interface or not.port security won’t play well with 802.1x as both are l2 security.

You can refer the below document https://community.cisco.com/t5/security-documents/top-ten-mis-configured-cisco-ios-switch-settings-for-ise/ta-p/3643912#toc-hId--1079758048

 

 

-Aravind

adonay.anjos
Level 1
Level 1

‎03-24-2022 07:43 AM

Um caso semelhante que peguei, havia um hub conectado a porta identifique 2 MAC vindo da porta sendo o segundo com drop, pois minha configuração esta habilitado 

authentication violation restrict

pra ver o MAC

sh mac address-table interface

0 Helpful

Octavian Szolga
Level 4
Level 4

‎03-24-2022 10:55 AM

Hi,

 

There are 3 things you should check:

- the port is in multi-domain mode if using a PC and phone connected to the same port (authentication host-mode multi-domain)

- authentication violation replace command exists on the interface

- authentication mac-move permit command was configured (global config)

 

BR,

Octavian

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents