Beginner

%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred

Issue is happening on 2960s, and 2960Xs

 

I am seeing this error message in my log:

Jan 17 2021 19:04:28.725 CST: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/11, putting Gi1/0/11 in err-disable state

Jan 17 2021 19:04:28.730 CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5c00.10ab on port GigabitEthernet1/0/11.

Jan 17 2021 19:04:29.731 CST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/11, changed state to down

 

On a port that is programmed as follows:

interface GigabitEthernet1/0/11
 description Data D53 RM10-Lab
 switchport access vlan 105
 switchport mode access
 switchport port-security
 no snmp trap link-status
 storm-control broadcast level bps 1m 500k
 storm-control action shutdown
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
end

 

After a shut/no shut, show port-security address shows this (notice the MAC addresses don't match):

105    54bf.645d.50e2    SecureDynamic                 Gi1/0/11

 

This is happening every couple of weeks on different switches across many buildings. I have a feeling it is happening because the machine is entering hibernation and flaps after hours checking for updates, but it does not happen all the time.

 

Any ideas?

 
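As an added example (written for this thread, not part of the original post and not a Cisco tool), the following Python parses the three syslog lines and the show port-security address row quoted above and reports, per violation, the offending MAC, its OUI prefix for a vendor lookup, and whether it differs from the address the port currently holds. The message formats and the long/short interface-name mapping (GigabitEthernet1/0/11 vs Gi1/0/11) are assumed from the lines shown in the question; the sample input is constructed from them.

```python
"""Parse Cisco port-security syslog lines and correlate them with a
`show port-security address` table (illustrative code for this thread)."""
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the log lines and the table row quoted in the question.
SAMPLE_LOG = """\
Jan 17 2021 19:04:28.725 CST: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/11, putting Gi1/0/11 in err-disable state
Jan 17 2021 19:04:28.730 CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5c00.10ab on port GigabitEthernet1/0/11.
Jan 17 2021 19:04:29.731 CST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/11, changed state to down
"""
SAMPLE_SECURE_TABLE = "105    54bf.645d.50e2    SecureDynamic                 Gi1/0/11\n"

# IOS dotted-hex MAC notation, e.g. 0000.5c00.10ab
MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
VIOLATION_RE = re.compile(
    rf"^(?P<ts>.+?): %PORT_SECURITY-2-PSECURE_VIOLATION: .*caused by MAC address "
    rf"(?P<mac>{MAC}) on port (?P<port>[^\s.]+)"
)
ERRDISABLE_RE = re.compile(
    r"^(?P<ts>.+?): %PM-4-ERR_DISABLE: psecure-violation error detected on (?P<port>[^\s,]+)"
)
TABLE_RE = re.compile(rf"^\s*(?P<vlan>\d+)\s+(?P<mac>{MAC})\s+(?P<type>\S+)\s+(?P<port>\S+)")


@dataclass
class Violation:
    timestamp: str
    port: str
    mac: str            # the MAC that triggered the violation
    oui: str            # first three octets, colon form, for an OUI/vendor lookup
    secure_mac: Optional[str]   # address the port holds in the secure table, if any
    mismatch: bool      # True when the violating MAC is not the secured one


def normalize_port(name: str) -> str:
    """Map the long IOS interface name to the short form used in the table."""
    return re.sub(r"^GigabitEthernet", "Gi", name)


def oui_of(mac: str) -> str:
    """'0000.5c00.10ab' -> '00:00:5c' (the IEEE OUI part of the address)."""
    digits = mac.replace(".", "")
    return ":".join(digits[i:i + 2] for i in (0, 2, 4))


def parse_secure_table(text: str) -> Dict[str, str]:
    """Return {port: secure MAC} from `show port-security address` output."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        m = TABLE_RE.match(line)
        if m:
            table[normalize_port(m["port"])] = m["mac"]
    return table


def find_violations(log: str, secure_table: Dict[str, str]) -> List[Violation]:
    """Extract PSECURE_VIOLATION events and compare each against the secure table."""
    found: List[Violation] = []
    for line in log.splitlines():
        m = VIOLATION_RE.match(line)
        if not m:
            continue
        port = normalize_port(m["port"])
        secure = secure_table.get(port)
        found.append(Violation(
            timestamp=m["ts"], port=port, mac=m["mac"], oui=oui_of(m["mac"]),
            secure_mac=secure, mismatch=secure is not None and secure != m["mac"],
        ))
    return found


def count_errdisable(log: str) -> Counter:
    """How many times each port was put into err-disable for psecure-violation."""
    c: Counter = Counter()
    for line in log.splitlines():
        m = ERRDISABLE_RE.match(line)
        if m:
            c[normalize_port(m["port"])] += 1
    return c


if __name__ == "__main__":
    table = parse_secure_table(SAMPLE_SECURE_TABLE)
    for v in find_violations(SAMPLE_LOG, table):
        print(f"{v.timestamp} {v.port}: violating MAC {v.mac} (OUI {v.oui}), "
              f"port holds {v.secure_mac}, mismatch={v.mismatch}")
    print(dict(count_errdisable(SAMPLE_LOG)))
```

Run over a full syslog export, count_errdisable gives the per-port frequency the question is asking about, and the OUI field is what you would paste into a vendor lookup such as the one a later reply links to.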

VIP Advisor

 

 - It only means that a second MAC (0000.5c00.10ab) was seen on the port whilst your security setting limits it to one.

 M.


Thanks for responding, marce!

 

I understand that the limit is set to one. What I don't understand is why there are so few violations. I have 1000+ ports programmed the same way and receive this error a couple of times a month. I can log on to any given switch and see ports flapping after hours.

 

Would I be better off upping the limit to 2, or issuing a restart after 5 minutes? Seems to me that is defeating the purpose of using port security!


 

 - The port policy depends on your intranet security requirements and needs. Single devices use one MAC and will have no problem with such a port. But, as stated in the other reply, things become different when virtualization solutions are behind a port, or a load-balancing setup is used with another device on the network; you must qualify port settings per case accordingly.

 M.


The device connected to the port in question is a Dell PC. In the logs leading up to the violation I can see the port flap without issue. I just don't know why it randomly decides to throw a different MAC address.

 

This happens after hours with the school locked. I will check other buildings to see how close the "new MAC" address is.

 

thanks

L.


 

Ref: https://macvendors.com/

When using this app, it is seen that the violating MAC address belongs to this vendor: TELEMATICS INTERNATIONAL INC. This may help you in tracking down the particular device.

VIP Expert

CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5c00.10ab on port GigabitEthernet1/0/11.

This is because of the MAC address changing; port-security kicks in and disables the port.

What is the device connected to that port? An end device, a switch, or any ESXi host?

Post the output of:

#show port-security interface Gi1/0/11 

 

Configure the suggestion below to fix the issue; test and advise.

#switchport port-security

#switchport port-security aging time

#switchport port-security maximum 3 (you can allow more MAC addresses if required to mitigate the issue)



More information at:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/command/reference/cli3.html#wp1948525


BB

Rising star

SecureDynamic without aging means the MAC is not removed from the port-security address table, and if you configure the maximum MAC count equal to 1 then this makes the port disable.
Please configure an aging time to make the switch remove the previous MAC address and learn the new one.
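To illustrate the reasoning in this reply and in the earlier "maximum / aging time" suggestion, here is an added, simplified Python model of dynamic port-security learning (written for this thread; it is not IOS code, and it ignores link-state transitions, sticky addresses and the protect/restrict violation modes). With maximum 1 and no aging, which matches the question's configuration since the IOS default aging time is 0 (disabled), a second MAC on the port is a violation and the port goes err-disabled; with an aging time configured, the earlier entry expires and the new MAC is learned, unless the new MAC shows up before the old entry has aged out. The scenario timings and MAC addresses are constructed from the thread.

```python
"""Simplified model of port-security dynamic MAC learning with maximum and
aging (illustrative code for this thread, not Cisco IOS)."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class SecureEntry:
    mac: str
    learned_at: float   # minutes since some epoch
    last_seen: float


@dataclass
class PortSecurity:
    maximum: int = 1
    aging_time: Optional[float] = None   # minutes; None models the default of 0 (no aging)
    aging_type: str = "absolute"         # "absolute" (since learned) or "inactivity" (since last seen)
    entries: Dict[str, SecureEntry] = field(default_factory=dict)
    err_disabled: bool = False

    def _expire(self, now: float) -> None:
        """Drop dynamic entries whose aging timer has run out."""
        if self.aging_time is None:
            return
        for mac, e in list(self.entries.items()):
            ref = e.learned_at if self.aging_type == "absolute" else e.last_seen
            if now - ref >= self.aging_time:
                del self.entries[mac]

    def frame_from(self, mac: str, now: float) -> str:
        """Process one frame with source MAC `mac` at time `now` (minutes).
        Returns 'forward', 'learned', 'violation' or 'err-disabled'."""
        if self.err_disabled:
            return "err-disabled"
        self._expire(now)
        if mac in self.entries:
            self.entries[mac].last_seen = now
            return "forward"
        if len(self.entries) >= self.maximum:
            # Default violation mode is shutdown: the port is err-disabled.
            self.err_disabled = True
            return "violation"
        self.entries[mac] = SecureEntry(mac, now, now)
        return "learned"


def scenario(aging_time: Optional[float], aging_type: str = "absolute",
             new_mac_at: float = 600) -> Tuple[List[str], bool]:
    """Constructed timeline: the PC's MAC is learned at t=0 and seen again at
    t=30; a different MAC appears on the same port at t=new_mac_at."""
    ps = PortSecurity(maximum=1, aging_time=aging_time, aging_type=aging_type)
    results = [
        ps.frame_from("54bf.645d.50e2", now=0),
        ps.frame_from("54bf.645d.50e2", now=30),
        ps.frame_from("0000.5c00.10ab", now=new_mac_at),
    ]
    return results, ps.err_disabled


if __name__ == "__main__":
    print("max 1, no aging:        ", scenario(None))
    print("max 1, aging 120 abs:   ", scenario(120, "absolute"))
    print("max 1, aging 120 inact, new MAC after 60 min:", scenario(120, "inactivity", new_mac_at=60))
```

The third case is the caveat for the suggested fix: an inactivity timer only helps if the original MAC has been silent for longer than the timer when the second address appears, so the aging value has to be chosen against how long the original host actually stays quiet.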
