Showing results for 
Search instead for 
Did you mean: 

Port-Secuity Issue Win 7

William Ryan

Currently we  have deployed Windows 7, with sleep mode enable after x amount of inactivity. We also utilize port-security, when a computer goes to sleep and is awaken, it generates a 0000.0000.0000 MAC address and port security disables the port.

%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.0000.0000 on port FastEthernet3/4

We changes the port violation to restrict for troubleshooting.  Once the system is awake and at full power, everything works fine.

8 Replies 8

cadet alain


Can you sniff the NIC to see what type of traffic has this source mac address.

Post your port-security config also.



Don't forget to rate helpful posts.

We are think it’s a Win 7 issue, systems are being upgraded from Vista to 7 and that generic NIC drivers are being used. The puzzle part is this one happens on 4506 switches with the 0 MAC address.


Did you ever find a resolution for this?

We have found that when some of our Windows 7 PCs go to sleep, within a few seconds, they cause the port to be shut down with the invalid MAC address of all zeros.  Unlike you, we have found this is shutdown at sleep, not at awakening.  Can you clarify which step in the sleep cycle you experience this, at sleep begining, or at awakening?

At a previous employer, we had so much problem with this that a Group Policy object was created in Active Directory to disable power management on both wired and wireless network connections.  I have yet to see a place where power management worked right or at all.



on one computer where I tested around for a vie days with that issue I found out that ist is not the "power save" as the cause but the Wake-On-LAN feature. Then I disabled the WOL in the network adapter setting and the port security violation messages disappered. This happens not only on 4506 but at least on all 4500 switches.

If you disable port security the you get such messages:

%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 43199 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Gi1/1 in vlan 1

My testcomputer is a FSC Celsius W350, now I will check this with some DELL which are causing similar issues


Thanks for waking this topic up. 

Our resolution which seems to have wordked on all tried circumstances is the folowing;

All of our offenders were Dell PCs with Broadcom NICs.  Updaing the Dell PCs with NIC drivers from Dell did NOT resolve the matter.  Updaing the PCs with the latest NIC drivers from Broadcom did resolve the matter.  The system can go to sleep, and apparently not send out frames with all zeros as a source MAC address.   No more port security or IP source guard violations or flood logs as a result of sleep. 

Hope this helps others.

Good Point! The Celsius W350 also has an Broadcom NIC onboard. I will try with last non-Fujitsu driver to check if it works and give you an update!


Cant you use the following  access-list to block source mac's with 0000.0000.0000 to any destination?

mac access-list extended AllZeroMacs

deny   host 0000.0000.0000 any

permit any any

Then you apply it on a per interface basis on the incoming direction on the port?

We are currently having a similar experience at the moment im trying to prevent the port from going into an err-disabled state while we look for a solution, we have not tried the access list yet.

Message was edited by: Donovan Esterhuizen

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: