08-16-2019 12:10 PM
e got the problem with port security on Cisco 3650:
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address
We have deskphone connected to the access switch port and PC connected to the deskphone
The port-security setup:
show port-security interface Gix/x/x
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 3
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : xxxx.xxxx.xxxx
Security Violation Count : 50
Version: 16.3.6 CAT3K_CAA-UNIVERSALK9
PC was not connected to other ports before (MAC is not sticky)
08-16-2019 12:17 PM
Maximum MAC Addresses : 3
This can happen with devices that come with multiple MAC address entries like multiple VMs whiting a PC.
Try raising the max to a higher number and test again.
HTH
08-16-2019 12:22 PM
Thank you Reza!
Actually, this is clients laptops and they have no VM software installed
How I can find the reason why the port been error-dissabled?
The message said only: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address <MAC> interface <>
08-16-2019 12:34 PM
Hi,
Violation Mode : Shutdown
The port has gone to error disable because of this command and because there was a security violation on that port. So, some how someone connected multiple devices to that port (more than 3).
Also, if I remember correctly, I think there are some security applications that is usually used by Infosec that don't work well with port security. So, you want to check with the owner of that PC.
HTH
08-16-2019 12:50 PM
Thank you Reza
I'll check if they used something like Infosec
08-16-2019 12:34 PM - edited 08-16-2019 12:44 PM
PC connected to the deskphone ? is it IP phone? so that is 2 MACs. where is 3rd one coming from?
IOS 16 code on 3650 is probably bad idea; 3650 was one of first platform; the code is very buggy.
08-16-2019 01:44 PM
Hello MartinLo,
It shouldn't be 3d MAC address there but for some reason, it happens
We are still looking for the cause of this issue
Maybe we will open the Cisco TAC case for troubleshooting
08-16-2019 12:37 PM
Hi @AndreyPokorskiy ,
Maybe it's a bug.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz72531/?rfs=iqvred
I suggest you update your iOS, since the latest versions solve several bugs
https://software.cisco.com/download/home/284850604/type/282046477/release/Denali-16.3.9
Regards
08-16-2019 01:46 PM
Thank you Luis!
We'll check it
I thought it should be something wrong as we had exactly the same settings for the old switches C4506 and everything works just fine
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: