port security

DuaneKPetersen
Level 1

We have port sec on 5 switches at one site. 4 2950s run CAT OS and 1 4500 IOS. We are seeing ports go down due to sec violations from MAC addresses on neighbor switches. No physical changes or config changes, and no hubs. Ports are going down due to sec violations with no explanation.


Giuseppe Larosa
Hall of Fame

Hello Duane,

If you have port security enabled on inter-switch links, just adding a new PC can push the port over the threshold for the number of MAC addresses allowed on it.

I would suggest disabling port security on inter-switch links.

At least check the port security state of the inter-switch links.

It's enough to have port security on access ports.

Hope to help

Giuseppe

We already have port sec on the access ports only. We are running in a secure operation and it is company policy to have port sec on all access ports. We are seeing ports go down due to sec violations. No workstations have been moved. Not seeing any spantree loops.

Listed below is a line from the log:

Host 00:1E:4F:C5:7F:C6 in vlan 1 is flapping between port Fa4/32 and port Fa5/15

You have a Spanning tree loop, review your topology.

--

Raul

Hello Duane,

Verify that this host is not dual-homed: using two NICs with the same MAC address and the same IP over it.

If so, you need to do NIC teaming (an EtherChannel using LACP negotiation) instead of using the two ports as separate ports.

001E4F (base 16) Dell Inc.

If the PC/server has only one NIC, you have a real network problem, likely a bridging loop, and you need to fix it.

Hope to help

Giuseppe
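
The triage described in the reply above can be run over a whole log rather than one line. The following is an added example, not code from any poster in this thread: it parses the flap message format quoted above, groups events by VLAN and port pair, and extracts the OUI for a vendor lookup. The sample log lines (other than the first), the function names and the one-MAC versus many-MAC hint are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches the message format quoted in the thread; the MAC may be
# colon-separated or in Cisco dotted notation.
FLAP_RE = re.compile(
    r"Host\s+(?P<mac>[0-9A-Fa-f.:\-]{12,17})\s+in\s+vlan\s+(?P<vlan>\d+)\s+"
    r"is\s+flapping\s+between\s+port\s+(?P<a>\S+)\s+and\s+port\s+(?P<b>\S+)"
)

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if the token is not a MAC."""
    digits = re.sub(r"[.:\-]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def summarize_flaps(lines):
    """Group flap messages by (vlan, port pair); collect MACs and counts."""
    pairs = defaultdict(lambda: {"events": 0, "macs": set()})
    for line in lines:
        m = FLAP_RE.search(line)
        mac = normalize_mac(m.group("mac")) if m else None
        if mac is None:
            continue  # unrelated or malformed line
        key = (int(m.group("vlan")), tuple(sorted((m.group("a"), m.group("b")))))
        pairs[key]["events"] += 1
        pairs[key]["macs"].add(mac)
    report = []
    for (vlan, ports), info in sorted(pairs.items()):
        macs = sorted(info["macs"])
        # Assumed heuristic: a single MAC points at that host (dual-homing);
        # several MACs on the same port pair point at the topology (loop).
        hint = "check host NICs" if len(macs) == 1 else "check topology"
        report.append({"vlan": vlan, "ports": ports, "events": info["events"],
                       "macs": macs, "ouis": sorted({x[:6] for x in macs}),
                       "hint": hint})
    return report

# Constructed sample log; only the first line is the one quoted in the thread.
SAMPLE = [
    "Host 00:1E:4F:C5:7F:C6 in vlan 1 is flapping between port Fa4/32 and port Fa5/15",
    "Host 001e.4fc5.7fc6 in vlan 1 is flapping between port Fa5/15 and port Fa4/32",
    "Host 00:1E:4F:AA:BB:01 in vlan 10 is flapping between port Gi1/1 and port Gi1/2",
    "Host 00:1E:4F:AA:BB:02 in vlan 10 is flapping between port Gi1/1 and port Gi1/2",
    "Interface Fa4/32 changed state to down",
]

if __name__ == "__main__":
    for row in summarize_flaps(SAMPLE):
        print(row)
```

Comparing the reported port pairs against the ports that went err-disabled shows whether the security violations line up with the flapping MACs.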

johnlloyd_13
Level 9

You can re-enable the port by doing a shutdown/no shutdown command. Try tuning it to another violation mode, a milder one, instead of shutdown (the default). There's one option which will show a log that there's a violation (I forgot what it is) instead of putting it in shutdown mode.
