Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1423
Views
0
Helpful
2
Replies

Latest stable IOS for Cisco 3750X and 3850 switches

Go to solution
q-le
Level 2
Level 2

‎02-19-2019 09:40 PM - edited ‎03-08-2019 05:23 PM

Hi All,

We have several Cisco 3750X-48P running (12.2(55)SE9 C3750E-UNIVERSALK9-M) and

C3850-48P running (03.06.05E  cat3k_caa-universalk9 INSTALL)

Recently we replace HP desktop with Dell desktop and experience "psecure-violation errors" flooding

We had try everything and hopefully a new IOS upgrade will fix this problem

Any recommended stable IOS is much appreciated.

Thanks

Peter  

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MUHAMMAD TAYYAB MUNIR
Level 1
Level 1

‎02-19-2019 10:59 PM

@q-le

 

The error is port transitions to error-disable state due to port security violations, A port security violation occurs when an address learned or configured on one secure interface is seen on another secure interface in the same VLAN.

 

Port security violation happened due to MAC address is change after replacing the server. 

 

 

  1. Use dynamic learning for port security, and remove any static MAC address list or sticky learning configuration.

    SW1-3750(config-if)#no switchport port-security mac-address sticky
SW1-3750(config-if)#no switchport port-security mac-address H.H.H


!--- H.H.H is the 48 bit MAC addresses configured

  2. Configure port security aging.

    The aging time determines the minimum time interval required before the MAC address may appear on a different port.

    SW1-3750(config-if)#switchport port-security aging time 1

SW1-3750(config-if)#switchport port-security aging type inactivity

    The aging type inactivity ages out the secure addresses on this port only if there is no data traffic from the secure source addresses for the specified time period.

  3. Configure err-disable state recovery from port security violation.

    SW1-3750(config)#errdisable recovery cause psecure-violation

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-series-switches/77805-troubleshoot-3750.html

 

If you really wants to upgrade your switch use 12.2(55)SE12 for 3750 (C3750E-UNIVERSALK9-M), and  03.06.08E  (cat3k_caa-universalk9) for 3850.

 

BR

tayyabmunir.com

*** Please rate all helpful responses and mark solutions***

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎02-19-2019 10:08 PM

For 3750X, stick with 12.2(55)SE train and use the latest one.
0 Helpful

Go to solution
MUHAMMAD TAYYAB MUNIR
Level 1
Level 1

‎02-19-2019 10:59 PM

@q-le

 

The error is port transitions to error-disable state due to port security violations, A port security violation occurs when an address learned or configured on one secure interface is seen on another secure interface in the same VLAN.

 

Port security violation happened due to MAC address is change after replacing the server. 

 

 

  1. Use dynamic learning for port security, and remove any static MAC address list or sticky learning configuration.

    SW1-3750(config-if)#no switchport port-security mac-address sticky
SW1-3750(config-if)#no switchport port-security mac-address H.H.H


!--- H.H.H is the 48 bit MAC addresses configured

  2. Configure port security aging.

    The aging time determines the minimum time interval required before the MAC address may appear on a different port.

    SW1-3750(config-if)#switchport port-security aging time 1

SW1-3750(config-if)#switchport port-security aging type inactivity

    The aging type inactivity ages out the secure addresses on this port only if there is no data traffic from the secure source addresses for the specified time period.

  3. Configure err-disable state recovery from port security violation.

    SW1-3750(config)#errdisable recovery cause psecure-violation

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-series-switches/77805-troubleshoot-3750.html

 

If you really wants to upgrade your switch use 12.2(55)SE12 for 3750 (C3750E-UNIVERSALK9-M), and  03.06.08E  (cat3k_caa-universalk9) for 3850.

 

BR

tayyabmunir.com

*** Please rate all helpful responses and mark solutions***
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card