01-14-2007 10:41 PM - edited 03-03-2019 03:21 PM
Hi All,
Recently, my client complained that they found the connection to the server is very slow. When I checked the port, I found that the port duplex/full is half/100. I saw a lot of collision errors on that port. When I tried to hard set the duplex/speed to full/100, I got the error message below:
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address xxxx.xxxx.xxxx on port FastEthernet 0/23
Here is my port config
interface FastEthernet0/23
 switchport access vlan 3
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 no ip address
 no mdix auto
 spanning-tree portfast
Does anyone know why I got such a message?
Regards,
Sam
01-14-2007 10:51 PM
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred caused by MAC [enet] on port [chars].
This message means that an unauthorized device attempted to connect on a secure port. MAC [enet] is the MAC address of the unauthorized device, and port [chars] is the secure port.
Recommended Action: Identify the device that attempted to connect on the secure port.
01-14-2007 10:57 PM
Thanks for your reply.
But this is the same server that connected to that port.
If it is an unauthorized device, I should have seen the error before I changed the duplex/speed.
When I changed back to auto-nego, the error stopped.
01-14-2007 11:24 PM
Hi,
You have port-security configured on your port, which means you have restricted the number of MAC addresses on the port; that is, a limited number of devices can connect to that port on the switch. As seen from your configuration, you have not defined the maximum number of 'secure' MAC addresses, therefore the default value, which is 1, is in force. Also, the violation action has been set to 'restrict' mode, that is, data transfer is restricted from that port.
You can increase the number of 'secure' MAC addresses on the port, or you can remove the port security from that port. Use the following command to increase the number of secure 'MAC' addresses on the port - "switchport port-security maximum
So you got that message because the port-security on that port was violated and then action of restricting the data transfer was taken and accordingly a message was logged.
Refer to this link for more -->
Hope this helps..
Regards,
AbhisheK
Please rate all helpful posts!!!
01-15-2007 12:00 AM
Hi,
I am sorry, but I still don't understand why the switch port was violated when I just changed the duplex/speed.
Rgds,
Sam
01-15-2007 12:28 AM
Hi,
Can you tell me if the MAC address mentioned in the error is the same as that of your server? If not, then maybe someone did try to plug into that port.
Moreover go through the following text, it might help as well...
"Each interface has a default or configured number of MAC addresses that you can secure when port security is enabled. You should determine the number of MAC addresses that can be secured per port and configure the interface with that number of addresses. With proper configuration and under anticipated operating conditions, port security continues to work normally.
Virus infections, hostile workstations, or accidentally reconfiguring hosts, can cause end hosts to send out packets with more than the expected number of MAC addresses. This causes a port security violation. Under such conditions, the system logs the following error message and sends a trap if SNMP traps for port security are enabled.
*Jul 26 10:23:54.267: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi2/3, putting Gi2/3 in err-disable state
*Jul 26 10:23:54.271: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0001.0600.0101 on port GigabitEthernet2/3
Based on the violation mode, either the port can be error-disabled (shutdown mode), or the packets from the unsecure addresses can be dropped in the software (restrict mode).
To ensure that the CPU is not loaded when such an event occurs, you should set the violation mode to shutdown. You can configure errdisable recovery and timeout to ensure an automatic recovery from the error-disable state."
Hope this helps...
Regards,
AbhisheK
Please rate all helpful posts!!!
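An added example, not part of any post in this thread: a small log triage script that answers the question raised above, whether the MAC address in each PSECURE_VIOLATION message is the host expected on that port. The `triage` function, the `EXPECTED` mapping and the FastEthernet0/23 MAC addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches the PSECURE_VIOLATION format quoted in the thread (with or without
# the comma after "occurred", and with or without a space in the port name).
VIOLATION_RE = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred,? "
    r"caused by MAC(?: address)? ([0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}) "
    r"on port ([A-Za-z]+ ?\d[\d/]*)"
)

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def triage(log_lines, expected):
    """Group violations by port and mark whether each MAC is the expected host.

    expected maps port name -> MAC of the device that should be attached.
    Returns {port: {mac: {"count": n, "known": bool}}}.
    """
    report = defaultdict(dict)
    for line in log_lines:
        m = VIOLATION_RE.search(line)
        if not m:
            continue  # e.g. the %PM-4-ERR_DISABLE line carries no MAC
        mac = normalize_mac(m.group(1))
        port = m.group(2).replace(" ", "")
        known = normalize_mac(expected.get(port, "")) == mac
        entry = report[port].setdefault(mac, {"count": 0, "known": known})
        entry["count"] += 1
    return dict(report)

# Constructed sample input: the Gi2/3 lines reuse the text quoted above,
# the FastEthernet0/23 lines and their MACs are made up for illustration.
SAMPLE_LOG = [
    "*Jul 26 10:23:54.267: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi2/3, putting Gi2/3 in err-disable state",
    "*Jul 26 10:23:54.271: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0001.0600.0101 on port GigabitEthernet2/3",
    "*Jan 14 22:30:01.100: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port FastEthernet 0/23",
    "*Jan 14 22:30:05.412: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port FastEthernet0/23",
    "*Jan 14 22:31:17.008: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 00aa.bbcc.ddee on port FastEthernet0/23",
]
EXPECTED = {"FastEthernet0/23": "00:11:22:33:44:55"}  # hypothetical server MAC

if __name__ == "__main__":
    for port, macs in triage(SAMPLE_LOG, EXPECTED).items():
        for mac, info in macs.items():
            print(port, mac, info["count"], "expected host" if info["known"] else "UNKNOWN")
```

A port with no entry in `EXPECTED` is reported with `known` set to false, so unlisted ports surface for review instead of being skipped.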