
Dot1x security violation

stuart.findlay
Level 1

We have a system where some ports are randomly going err-disabled during startup of a device, generally a laptop, not always the same one.

For the ports we have dot1x authentication set up but not port-security. The ports are set to single host.


From what I have read, with no port-security, the only reason a port should see a security-violation is a new MAC on the same port after authentication. I am not seeing that log message. I would have expected something like:

DOT1X-SP-5-SECURITY_VIOLATION: Security violation on interface GigabitEthernet4/8, New MAC address 0080.ad00.c2e4 is seen on the interface in Single host mode

%PM-SP-4-ERR_DISABLE: security-violation error detected on Gi4/8, putting Gi4/8 in err-disable state


What I am seeing is:

Feb  3 07:28:37.572: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/36, changed state to up
Feb  3 07:29:16.815: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/36, changed state to down
Feb  3 07:29:17.842: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/36, changed state to down
Feb  3 07:29:22.142: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/36, changed state to up
Feb  3 07:29:23.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/36, changed state to up
Feb  3 07:29:37.980: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/36, changed state to down
Feb  3 07:29:38.982: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/36, changed state to down
Feb  3 07:29:40.528: %AUTHMGR-5-START: Starting 'dot1x' for client (29d2.44f2.4fa9) on Interface Gi2/0/36 AuditSessionID 0A9B439B000817EDA3C0F123
Feb  3 07:29:41.981: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/36, changed state to up
Feb  3 07:29:42.982: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/36, changed state to up
Feb  3 07:29:49.541: %DOT1X-5-SUCCESS: Authentication successful for client (29d2.44f2.4fa9) on Interface Gi2/0/36 AuditSessionID 0A9B439B000817EDA3C0F123
Feb  3 07:29:50.579: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (29d2.44f2.4fa9) on Interface Gi2/0/36 AuditSessionID 0A9B439B000817EDA3C0F123
Feb  3 07:41:38.100: %PM-4-ERR_DISABLE: security-violation error detected on Gi2/0/36, putting Gi2/0/36 in err-disable state (switch-1)
Feb  3 07:41:39.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/36, changed state to down
Feb  3 07:41:40.108: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/36, changed state to down

Which sort of looks like it's caused by the link going down? But why?


Thanks,
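To make a timeline like the one in the excerpt above easier to reason about, here is an added Python example; it is not from the original post or from Cisco. It parses IOS syslog lines of this shape, ties each security-violation err-disable to the dot1x session authorized on that port before it, and reports whether a DOT1X SECURITY_VIOLATION message naming the second MAC was logged in between, how long after authorization the port was disabled, how many physical link flaps preceded authentication, and whether the link-down messages come before or after the err-disable. The first sample is the post's own excerpt (link-up lines dropped); the second sample is constructed to show the report when the violation message is present, and its interface Gi2/0/37 and AuditSessionID are made up.

```python
import re
from datetime import datetime

# Sample 1: the syslog excerpt from the post above (link-up lines omitted for brevity).
POSTED_LOG = """\
Feb  3 07:29:16.815: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/36, changed state to down
Feb  3 07:29:17.842: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/36, changed state to down
Feb  3 07:29:37.980: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/36, changed state to down
Feb  3 07:29:38.982: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/36, changed state to down
Feb  3 07:29:40.528: %AUTHMGR-5-START: Starting 'dot1x' for client (29d2.44f2.4fa9) on Interface Gi2/0/36 AuditSessionID 0A9B439B000817EDA3C0F123
Feb  3 07:29:41.981: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/36, changed state to up
Feb  3 07:29:42.982: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/36, changed state to up
Feb  3 07:29:49.541: %DOT1X-5-SUCCESS: Authentication successful for client (29d2.44f2.4fa9) on Interface Gi2/0/36 AuditSessionID 0A9B439B000817EDA3C0F123
Feb  3 07:29:50.579: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (29d2.44f2.4fa9) on Interface Gi2/0/36 AuditSessionID 0A9B439B000817EDA3C0F123
Feb  3 07:41:38.100: %PM-4-ERR_DISABLE: security-violation error detected on Gi2/0/36, putting Gi2/0/36 in err-disable state (switch-1)
Feb  3 07:41:39.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/36, changed state to down
Feb  3 07:41:40.108: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/36, changed state to down
"""

# Sample 2 (constructed, not from the post): what the log looks like when the switch does
# name the offending MAC before err-disabling. Gi2/0/37 and the AuditSessionID are made up.
CONSTRUCTED_LOG = """\
Feb  3 08:00:00.000: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (29d2.44f2.4fa9) on Interface Gi2/0/37 AuditSessionID 0A9B439B000817EDA3C0F999
Feb  3 08:05:00.000: %DOT1X-SP-5-SECURITY_VIOLATION: Security violation on interface GigabitEthernet2/0/37, New MAC address 0080.ad00.c2e4 is seen on the interface in Single host mode
Feb  3 08:05:00.500: %PM-4-ERR_DISABLE: security-violation error detected on Gi2/0/37, putting Gi2/0/37 in err-disable state
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d+): "
    r"%(?P<fac>[A-Z0-9_-]+?)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+): (?P<msg>.*)$")
IFACE_RE = re.compile(r"\b(?:GigabitEthernet|Gi)(?P<num>\d+(?:/\d+)+)")
MAC_RE = re.compile(r"\b[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}\b")


def parse_line(line):
    """Split one IOS syslog line into timestamp, facility, mnemonic, interface and MAC."""
    m = LINE_RE.match(line)
    if not m:
        return None
    iface = IFACE_RE.search(m["msg"])
    mac = MAC_RE.search(m["msg"])
    return {
        "ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S.%f"),  # year defaults to 1900
        "fac": m["fac"], "mnem": m["mnem"], "msg": m["msg"],
        "iface": "Gi" + iface["num"] if iface else None,  # normalise long/short names
        "mac": mac.group(0) if mac else None,
    }


def analyze(log_text):
    """Return one finding per security-violation err-disable, tied to the session before it."""
    state = {}  # iface -> {"auth", "violation", "link_downs", "pending"}
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["iface"] is None:
            continue
        s = state.setdefault(ev["iface"], {"auth": None, "violation": None,
                                           "link_downs": 0, "pending": None})
        if ev["mnem"] == "UPDOWN" and ev["msg"].endswith("to down"):
            if s["pending"] is not None:
                # first down message after the err-disable: record how long after it came
                delta = (ev["ts"] - s["pending"]["ts"]).total_seconds()
                s["pending"]["link_down_after_s"] = round(delta, 3)
                s["pending"] = None
            elif s["auth"] is None and ev["fac"] == "LINK":
                s["link_downs"] += 1  # physical link flaps before the session authorised
        elif ev["fac"] == "AUTHMGR" and ev["mnem"] == "SUCCESS":
            s["auth"], s["violation"] = ev, None
        elif ev["mnem"] == "SECURITY_VIOLATION":
            s["violation"] = ev  # the switch named the second MAC it saw
        elif ev["mnem"] == "ERR_DISABLE" and "security-violation" in ev["msg"]:
            auth, viol = s["auth"], s["violation"]
            finding = {
                "iface": ev["iface"], "ts": ev["ts"],
                "auth_mac": auth["mac"] if auth else None,
                "seconds_since_auth": round((ev["ts"] - auth["ts"]).total_seconds(), 3) if auth else None,
                "violation_logged": viol is not None,
                "new_mac": viol["mac"] if viol else None,
                "link_downs_before_auth": s["link_downs"],
                "link_down_after_s": None,
            }
            findings.append(finding)
            s.update(auth=None, violation=None, link_downs=0, pending=finding)
    return findings


def describe(f):
    """Render a finding as one line suitable for a ticket or a detection alert."""
    cause = (f"new MAC {f['new_mac']} logged" if f["violation_logged"]
             else "no SECURITY_VIOLATION message logged before err-disable")
    return (f"{f['iface']} err-disabled {f['seconds_since_auth']}s after authorising "
            f"{f['auth_mac']}: {cause}; link flaps before auth={f['link_downs_before_auth']}; "
            f"first link-down {f['link_down_after_s']}s after err-disable")


if __name__ == "__main__":
    for log in (POSTED_LOG, CONSTRUCTED_LOG):
        for finding in analyze(log):
            print(describe(finding))
```

Run against the posted excerpt it reports that Gi2/0/36 was err-disabled about 707 s after authorising 29d2.44f2.4fa9 with no SECURITY_VIOLATION message in between, and that the first link-down message arrives about a second after the err-disable rather than before it; the constructed sample shows the same report with the offending MAC filled in. Feeding the switch's syslog into this kind of correlation gives a per-port record of which err-disables are explained by a logged second MAC and which are not.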


1 Reply

TIM JUDGE
Level 1

Can you confirm what exactly is connected to GigabitEthernet2/0/36?

Check if the device is running a VM. If it is, then you probably need to use "authentication host-mode multi-auth" on the port config, else the port will see multiple MAC addresses & shut down the interface.

If it is a laptop, you can also update your network driver in the O/S and ensure you are running the latest BIOS. I've had a number of old laptops (some had Marvell network adapters) which needed both BIOS and driver updates. Prior to the updates I'd get DOT1x issues and the laptops wouldn't always negotiate 1 Gbit/sec either.
