2960s port security

Aran
Level 1

Having an issue with port security; it happens more than once and on different ports with the same port config.

 

See the outputs below. Am I missing something, or not understanding?

 

***show logging***

%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address f8ca.z835.b777 on port GigabitEthernet2/0/41

 

 

***show port-security***

Secure Port   MaxSecureAddr   CurrentAddr   SecurityViolation   Security Action
                 (Count)        (Count)          (Count)
---------------------------------------------------------------------------

   Gi2/0/41             20            1               1397         Restrict

 

 

 

***show port-security interface gigabitEthernet 2/0/41***
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 10 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 20
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0019.z1e5.b999:20
Security Violation Count : 1397

 

 

***Port Config***

interface GigabitEthernet2/0/41
switchport access vlan 10
switchport mode access
switchport nonegotiate
switchport voice vlan 20
switchport port-security maximum 20
switchport port-security
switchport port-security aging time 10
switchport port-security violation restrict
load-interval 30
storm-control broadcast level 5.00
spanning-tree portfast
spanning-tree guard root
ip dhcp snooping limit rate 30

5 Replies

mahditalebi
Level 1

Dear Aran,

Your "show port-security" output shows that there were 1397 times that you sent frames that were not among your 20 cached MAC addresses for port security.

Regards,

Mahdi

Hi,

 

Is this mac address f8ca.z835.b777 on the same VLAN as the port Gi2/0/41 (VLAN 10)? Could you trace it? My guess is that a device with the mac (f8ca.z835.b777) was originally connected on a port other than Gi2/0/41 on same VLAN and someone plugged it on port Gi2/0/41 that caused this error. 

 

If traffic with a secure MAC address that is configured or learned on one secure port attempts to access another secure port in the same VLAN, the switch applies the configured violation mode.

 

Cheers
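A small log-triage script, added here as an example and not part of this thread, that parses PSECURE_VIOLATION syslog lines of the form quoted in the question and checks each offending MAC against where it is already secured (the `show port-security address` view), so a device that moved between ports in the same VLAN is told apart from a genuinely unknown MAC. The log lines and the secured-address table are constructed samples, not the poster's data.

```python
import re
from collections import defaultdict

# Syslog format as quoted in the post above; MAC and port values below are constructed, not the poster's.
VIOLATION_RE = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
    r"caused by MAC address (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) on port (?P<port>\S+)"
)

# Constructed sample: one MAC repeatedly hits Gi2/0/41 (and once Gi2/0/45); a second MAC is secured nowhere.
SAMPLE_LOG = """\
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address f8ca.1835.b777 on port GigabitEthernet2/0/41
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address f8ca.1835.b777 on port GigabitEthernet2/0/41
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address f8ca.1835.b777 on port GigabitEthernet2/0/45
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port GigabitEthernet2/0/12
"""

# Constructed snapshot of MAC -> port where it is already a secure address (what `show port-security address` lists).
SECURED_ON = {"f8ca.1835.b777": "GigabitEthernet2/0/33"}


def parse_violations(log_text):
    """Return one (mac, port) tuple per PSECURE_VIOLATION line; other lines are ignored."""
    hits = []
    for line in log_text.splitlines():
        m = VIOLATION_RE.search(line)
        if m:
            hits.append((m.group("mac"), m.group("port")))
    return hits


def classify(violations, secured_on):
    """Group violations per MAC and label the cause.

    'moved'  : MAC is already secured on a different port, i.e. the same-VLAN move described in the thread.
    'unknown': MAC is secured nowhere, so the port simply had no free secure-address slot for it.
    """
    by_mac = defaultdict(lambda: {"count": 0, "ports": set()})
    for mac, port in violations:
        by_mac[mac]["count"] += 1
        by_mac[mac]["ports"].add(port)
    report = {}
    for mac, info in by_mac.items():
        home = secured_on.get(mac)
        report[mac] = {
            "count": info["count"],
            "ports": sorted(info["ports"]),
            "secured_on": home,
            "reason": "moved" if home and home not in info["ports"] else "unknown",
        }
    return report
```

With the Restrict mode shown in the question the port stays Secure-up and only the violation counter grows, so a report like this is the place to see the pattern rather than an err-disabled port.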

 

 

I think you're right, because when I search for the MAC address f8ca.z835.b777 I find it connected to Gi2/0/33.

 

I'm guessing the user would leave his desk and then go to a conference room, for example, and plug in there.

 

Would changing the aging timer fix this issue? 

Hi,

I think there are two ways to tackle this issue: Auto recovery and aging time.

Aging time range can be from 1 to 1440 minutes. You can also add the inactivity keyword to only age out when the port is inactive. Auto recovery will recover err-disabled ports on the switch based on events (in your case psecure-violation).

HTH

Hello

It looks like PS has kicked in due to inactivity on the port.

res

paul

