
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred

Issue is happening on 2960s, and 2960Xs


I am seeing this error message in my log:

Jan 17 2021 19:04:28.725 CST: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/11, putting Gi1/0/11 in err-disable state

Jan 17 2021 19:04:28.730 CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5c00.10ab on port GigabitEthernet1/0/11.

Jan 17 2021 19:04:29.731 CST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/11, changed state to down


On a port that is programmed as follows:

interface GigabitEthernet1/0/11
 description Data D53 RM10-Lab
 switchport access vlan 105
 switchport mode access
 switchport port-security
 no snmp trap link-status
 storm-control broadcast level bps 1m 500k
 storm-control action shutdown
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable



And after a shut / no shut I see this for a show port-security address (notice the MAC addresses don’t match):

105    54bf.645d.50e2    SecureDynamic                 Gi1/0/11 


This is happening every couple weeks on different switches across many buildings.  I have a feeling it is happening because the machine is entering hibernation and flaps after hours checking for updates, but does not happen all the time.


Any ideas???


VIP Advisor


 - It only means that a second MAC, 0000.5c00.10ab, was seen on the port whilst your security setting limits it to one.



Thanks for responding marce!


I understand that the limit is set to one.  What I don't understand is why only so few violations.  I have 1000+ ports programmed the same way and am receiving this error a couple of times a month.  I can log on to any given switch and see ports flapping after hours.


Would I be better off upping the limit to 2 or issuing a restart after 5 mins? Seems to me that is defeating the purpose of using port security!



 - The port policy depends on your intranet security requirements and needs. Single devices use one MAC and will have no problem with such a port. But as stated in the other reply, things become different when virtualization solutions are behind a port, or a load-balancing setup is used with another device on the network; you must qualify port settings per case and accordingly.



The device connected to this port in question is a Dell PC.  In the logs leading up to the violation I can see the port flap without issue.  Just don't know why it randomly decides to throw a different MAC address.


This happens after hours with the school locked.  I will check other buildings to see how close the "new MAC" address is.
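
The cross-building check mentioned above, as an added example (not code from the thread): it parses PSECURE_VIOLATION lines collected per switch and groups them by violating MAC, vendor prefix and port. Switch names, and every sample line except the one quoted in the thread, are constructed assumptions.

```python
import re
from collections import defaultdict

# Message format as it appears in the thread's log excerpt.
VIOLATION = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION: .*?caused by MAC address "
    r"(?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}) on port (?P<port>\S+?)\.?\s*$",
    re.IGNORECASE,
)

def parse_violation(line):
    """Return (mac, port) for a PSECURE_VIOLATION line, else None."""
    m = VIOLATION.search(line)
    return (m["mac"].lower(), m["port"]) if m else None

def oui(mac):
    """Vendor prefix: the first six hex digits of a dotted MAC."""
    return mac.replace(".", "")[:6]

def locally_administered(mac):
    """True if the U/L bit (0x02 of the first octet) is set."""
    return bool(int(mac[:2], 16) & 0x02)

def correlate(logs_by_switch):
    """Map each violating MAC to the sorted (switch, port) pairs it tripped."""
    seen = defaultdict(set)
    for switch, lines in logs_by_switch.items():
        for line in lines:
            hit = parse_violation(line)
            if hit:
                seen[hit[0]].add((switch, hit[1]))
    return {mac: sorted(ports) for mac, ports in seen.items()}

def recurring(report):
    """MACs that violated on more than one port, so not tied to one PC."""
    return sorted(mac for mac, ports in report.items() if len(ports) > 1)

# Constructed sample. Only the bldgA line is from the thread; switch names,
# the other ports and the second MAC are made up for illustration.
HDR = "%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address "
SAMPLE = {
    "bldgA-sw1": ["Jan 17 2021 19:04:28.730 CST: " + HDR + "0000.5c00.10ab on port GigabitEthernet1/0/11."],
    "bldgB-sw3": ["Feb 02 2021 21:40:03.112 CST: " + HDR + "0000.5c00.10ab on port GigabitEthernet2/0/7.",
                  "Feb 09 2021 22:15:47.004 CST: " + HDR + "0200.0000.0001 on port GigabitEthernet1/0/30."],
}

if __name__ == "__main__":
    for mac, ports in correlate(SAMPLE).items():
        print(mac, oui(mac), "LAA" if locally_administered(mac) else "UAA", ports)
    print("seen on more than one port:", recurring(correlate(SAMPLE)))
```

A violating MAC that recurs on unrelated ports, or one with the locally administered bit set, points away from a single PC's burned-in NIC address and is worth tracing before changing the port-security maximum.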






Ref:

When using this app, it is seen that the violating MAC address belongs to this vendor: TELEMATICS INTERNATIONAL INC. -> This may help you in tracking and finding the particular device.

VIP Expert

CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5c00.10ab on port GigabitEthernet1/0/11.

This is because the MAC address is changing, so port-security kicks in and disables the port.

What is the device connected to that port? An end device, a switch, or any ESXi?

Post the output of the command below:

#show port-security interface Gi1/0/11 


Configure the suggestion below to fix the issue, then test and advise.

#switchport port-security

#switchport port-security aging time

#switchport port-security maximum 3 (you can allow more MAC addresses if required to mitigate the issue)

More information at:





Rising star

SecureDynamic without aging means the MAC is not removed from the port-security address table, and if you configure the maximum MAC count equal to 1 then this makes the port disable.
Please configure aging time to make the switch remove the previous MAC address and learn the new one.
