09-17-2013 04:05 AM - edited 03-04-2019 09:03 PM
I know that this issue sounds a little awkward, but we are facing a strange problem in one of our VLANs.
Some port-security events are occurring randomly in this pile (4 computers already faced this problem) and after a while having port-security messages some IP Phones of the same VLAN start to have problems.
We are using some Cisco 7965 as a switch to computers connected to them, and after getting these port-security messages the phone stops sending the access vlan ("blocks" computers communication) but still working on its vlan (voice vlan). The computer gets disconnected and only after rebooting the phone it reconnects and starts to work again. The other computers without an IP phone in between are working fine.
I've already tried to put a computer in the same conditions (with a 7965 Phone in the middle) outside that switch pile (in my desk) but in the same VLAN and it shows the same problem, all of them disconnect at the same time, and if I change the VLAN it stops.
This is the switch pile where it all started and where this VLAN is majorly configured:
######################
SWBRJGS047#sh ver
Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(53)SE2, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Wed 21-Apr-10 04:49 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02C00000
ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)
SWBRJGS047 uptime is 29 weeks, 3 hours, 42 minutes
System returned to ROM by power-on
System restarted at 04:04:41 BRA Tue Feb 26 2013
System image file is "flash:/c3750-ipbasek9-mz.122-53.SE2/c3750-ipbasek9-mz.122-53.SE2.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
cisco WS-C3750G-48TS (PowerPC405) processor (revision E0) with 131072K bytes of memory.
Processor board ID FOC1051Y6JD
Last reset from power-on
2 Virtual Ethernet interfaces
208 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:1A:A2:4C:D6:00
Motherboard assembly number : 73-10218-08
Power supply part number : 341-0107-01
Motherboard serial number : FOC10492Q7M
Power supply serial number : AZS1045091A
Model revision number : E0
Motherboard revision number : C0
Model number : WS-C3750G-48TS-S
System serial number : FOC1051Y6JD
Top Assembly Part Number : 800-26857-01
Top Assembly Revision Number : B0
Version ID : V03
CLEI Code Number : CNMWU00ARC
Hardware Board Revision Number : 0x09
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 52 WS-C3750G-48TS 12.2(53)SE2 C3750-IPBASEK9-M
2 52 WS-C3750G-48TS 12.2(53)SE2 C3750-IPBASEK9-M
3 52 WS-C3750G-48TS 12.2(53)SE2 C3750-IPBASEK9-M
4 52 WS-C3750G-48TS 12.2(53)SE2 C3750-IPBASEK9-M
Switch 02
---------
Switch Uptime : 29 weeks, 3 hours, 37 minutes
Base ethernet MAC Address : 00:1A:A2:47:28:80
Motherboard assembly number : 73-10218-08
Power supply part number : 341-0107-01
Motherboard serial number : FOC105141K7
Power supply serial number : AZS104508R7
Model revision number : E0
Motherboard revision number : C0
Model number : WS-C3750G-48TS-S
System serial number : FOC1051Y6GH
Top assembly part number : 800-26857-01
Top assembly revision number : B0
Version ID : V03
CLEI Code Number : CNMWU00ARC
Switch 03
---------
Switch Uptime : 29 weeks, 3 hours, 37 minutes
Base ethernet MAC Address : 00:1A:A2:24:26:80
Motherboard assembly number : 73-10218-08
Power supply part number : 341-0107-01
Motherboard serial number : FOC10511L64
Power supply serial number : FXD10170092
Model revision number : E0
Motherboard revision number : C0
Model number : WS-C3750G-48TS-S
System serial number : FOC1051Y59Y
Top assembly part number : 800-26857-01
Top assembly revision number : B0
Version ID : V03
CLEI Code Number : CNMWU00ARC
Switch 04
---------
Switch Uptime : 29 weeks, 3 hours, 37 minutes
Base ethernet MAC Address : 00:22:0D:A0:CB:00
Motherboard assembly number : 73-10218-08
Power supply part number : 341-0107-01
Motherboard serial number : FOC12255NU7
Power supply serial number : AZS121903M0
Model revision number : F0
Motherboard revision number : C0
Model number : WS-C3750G-48TS-S
System serial number : FOC1226Z19T
Top assembly part number : 800-26857-02
Top assembly revision number : A0
Version ID : V04
CLEI Code Number : COM7X10ARA
Configuration register is 0xF
######################
Below is the configuration of the last faulty switchport:
interface GigabitEthernet3/0/39
switchport access vlan 122
switchport mode access
switchport voice vlan 199
switchport port-security maximum 5
switchport port-security
switchport port-security aging time 5
switchport port-security violation restrict
switchport port-security aging type inactivity
spanning-tree portfast
spanning-tree bpduguard enable
end
######################
The logs are like this (unfortunately I had some problems with the file where I've saved the original logs and now the buffer is gone):
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address
A lot of port-security like this with dummy MACs until it reaches its maximum (5), then the port gets disconnected and the port-security stops.
We sent a technician there to check those computers and they all seem to be good, no antivirus logs or suspicious software.
Last time it happened after worktime with no one there... pretty strange.
#######################
Port security on that port:
SWBRJGS047#sh port-security interface gi3/0/39
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 5 mins
Aging Type : Inactivity
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 5
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 782b.cbc0.514f:122
Security Violation Count : 0
Another strange thing is that if I do a SH PORT-SECURITY and check the counters of this interface I get
Gi3/0/39 5 0 0 Restrict
As if nothing happened.
Thanks in advance.
Daniel
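An added example (not part of the original posts): one way to triage a burst of PSECURE_VIOLATION messages like the one described above is to group them by port and check whether the violating source MACs look like vendor-assigned NIC addresses. The sample MACs, the second port (GigabitEthernet3/0/12) and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: the thread's original log was lost, so these MACs and
# the second port are made up. The message text follows the IOS syslog format.
_MSG = ("%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
        "caused by MAC address {} on port {}.")
P39, P12 = "GigabitEthernet3/0/39", "GigabitEthernet3/0/12"
SAMPLE_LOG = "\n".join(_MSG.format(mac, port) for mac, port in [
    ("0b3f.91c2.77e0", P39), ("7e15.a4d0.0c39", P39), ("c3a8.5512.9f04", P39),
    ("56d9.0e7b.a1c8", P39), ("0b3f.91c2.77e0", P39), ("0011.2233.4455", P12),
])

VIOLATION = re.compile(r"PSECURE_VIOLATION:.*?MAC address "
                       r"((?:[0-9a-f]{4}\.){2}[0-9a-f]{4}) on port (\S+?)\.?$", re.I)

def classify(mac):
    """Classify a dotted MAC by the two low-order bits of its first octet."""
    first = int(mac[:2], 16)
    if first & 0x01:
        return "group"   # I/G bit set: not valid as a frame's source address
    if first & 0x02:
        return "local"   # U/L bit set: locally administered, not burned-in
    return "global"      # vendor-assigned (OUI) address

def triage(log_text):
    """Return {port: {"events": n, "macs": {mac: class}}} from violation lines."""
    ports = defaultdict(lambda: {"events": 0, "macs": {}})
    for line in log_text.splitlines():
        m = VIOLATION.search(line.strip())
        if m:
            mac, port = m.group(1).lower(), m.group(2)
            ports[port]["events"] += 1
            ports[port]["macs"][mac] = classify(mac)
    return dict(ports)

def implausible_ports(report, min_macs=3):
    """Ports where most distinct violating MACs are not vendor-assigned."""
    flagged = []
    for port, info in report.items():
        kinds = list(info["macs"].values())
        bad = sum(k != "global" for k in kinds)
        if len(kinds) >= min_macs and 2 * bad > len(kinds):
            flagged.append(port)
    return sorted(flagged)

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report, implausible_ports(report))
```

Group-bit or locally administered source addresses are not what a wired PC's burned-in NIC sends, so a port flagged here is a candidate for cabling, NIC and phone PC-port checks alongside the host inspection.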
09-18-2013 05:44 AM
Another interesting piece of info is how many input and CRC errors that port generated:
SWBRJGS047#sh int gi3/0/39
GigabitEthernet3/0/39 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 001a.a224.26a7 (bia 001a.a224.26a7)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:11, output hang never
Last clearing of "show interface" counters 1w0d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 22000 bits/sec, 23 packets/sec
5038316 packets input, 13206895772 bytes, 0 no buffer
Received 531194 broadcasts (520189 multicasts)
150634 runts, 406410 giants, 0 throttles
7773196 input errors, 7285069 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 520189 multicast, 0 pause input
0 input packets with dribble condition detected
10983415 packets output, 6984224471 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
09-18-2013 08:16 PM
Do these PCs also have wireless NICs enabled?
04-16-2015 01:23 PM
Hi,
I apologize for bringing this old post back, but I wonder if you ever found a root cause.
I'm facing a very similar issue.
Thanks