Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2834
Views
0
Helpful
8
Replies

Cisco 3650 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address

AndreyPokorskiy
Level 1
Level 1

‎08-16-2019 12:10 PM

got the problem with port security on Cisco 3650:
  %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address
We have deskphone connected to the access switch port and PC connected to the deskphone
The port-security setup:
show port-security interface Gix/x/x
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 3
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : xxxx.xxxx.xxxx
Security Violation Count : 50

Version: 16.3.6 CAT3K_CAA-UNIVERSALK9 

 

PC was not connected to other ports before (MAC is not sticky) 

Labels:
0 Helpful
8 Replies 8

Reza Sharifi
Hall of Fame
Hall of Fame

‎08-16-2019 12:17 PM

Maximum MAC Addresses : 3

This can happen with devices that come with multiple MAC address entries like multiple VMs whiting a PC. 

Try raising the max to a higher number and test again.

HTH

0 Helpful

AndreyPokorskiy
Level 1
Level 1
In response to Reza Sharifi

‎08-16-2019 12:22 PM

Thank you Reza!
Actually, this is clients laptops and they have no VM software installed
How I can find the reason why the port been error-dissabled?
The message said only:  %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address <MAC> interface <>

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to AndreyPokorskiy

‎08-16-2019 12:34 PM

Hi,

Violation Mode : Shutdown

The port has gone to error disable because of this command and because there was a security violation on that port.  So, some how someone connected multiple devices to that port (more than 3).

Also, if I remember correctly, I think there are some security applications that is usually used by Infosec that don't work well with port security.  So, you want to check with the owner of that PC.

HTH

0 Helpful

AndreyPokorskiy
Level 1
Level 1
In response to Reza Sharifi

‎08-16-2019 12:50 PM

Thank you Reza
I'll check if they used something like Infosec 

0 Helpful

Martin L
VIP
VIP

‎08-16-2019 12:34 PM - edited ‎08-16-2019 12:44 PM


PC connected to the deskphone ? is it IP phone? so that is 2 MACs. where is 3rd one coming from?

IOS 16 code on 3650 is probably bad idea; 3650 was one of first platform; the code is very buggy.

 

0 Helpful

AndreyPokorskiy
Level 1
Level 1
In response to Martin L

‎08-16-2019 01:44 PM

Hello  MartinLo,
It shouldn't be 3d MAC address there but for some reason, it happens
We are still looking for the cause of this issue
Maybe we will open the Cisco TAC case for troubleshooting

Thank you!
0 Helpful

luis_cordova
VIP Alumni
VIP Alumni

‎08-16-2019 12:37 PM

Hi @AndreyPokorskiy ,

 

Maybe it's a bug.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz72531/?rfs=iqvred


I suggest you update your iOS, since the latest versions solve several bugs

https://software.cisco.com/download/home/284850604/type/282046477/release/Denali-16.3.9

 

Regards

0 Helpful

AndreyPokorskiy
Level 1
Level 1
In response to luis_cordova

‎08-16-2019 01:46 PM

Thank you Luis!
We'll check it
I thought it should be something wrong as we had exactly the same settings for the old switches C4506 and everything works just fine

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card