
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred

lzaleski1
Level 1

Issue is happening on 2960s, and 2960Xs

 

I am seeing this error message in my log:

Jan 17 2021 19:04:28.725 CST: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/11, putting Gi1/0/11 in err-disable state

Jan 17 2021 19:04:28.730 CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5c00.10ab on port GigabitEthernet1/0/11.

Jan 17 2021 19:04:29.731 CST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/11, changed state to down

 

On a port that is programmed as follows:

interface GigabitEthernet1/0/11
 description Data D53 RM10-Lab
 switchport access vlan 105
 switchport mode access
 switchport port-security
 no snmp trap link-status
 storm-control broadcast level bps 1m 500k
 storm-control action shutdown
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
end

 

And after a shut / no shut I see this for a show port-security address (notice the MAC addresses don't match):

105    54bf.645d.50e2    SecureDynamic                 Gi1/0/11 

 

This is happening every couple weeks on different switches across many buildings.  I have a feeling it is happening because the machine is entering hibernation and flaps after hours checking for updates, but does not happen all the time.

 

any ideas???

 

7 Replies

marce1000
VIP

 

 - It only means that a second mac was seen on the port 0000.5c00.10ab  whilst your security setting limits to one.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Thanks for responding marce!

 

I understand that the limit is set to one.  What I don't understand is why only so few violations.  I have 1000+ ports programmed the same way and receiving this error a couple times a month.  I can logon to any given switch and see ports flapping after hours.

 

Would I be better off upping the limit to 2 or issue a restart after 5 mins? Seems to me that is defeating the purpose of using port security!

 

 - The port policy depends on your intranet security requirements and needs. Single devices use one MAC and will have no problem with such a port. But as stated in the other reply, things become different when virtualization solutions are behind a port, or a load-balancing setup is used with another device on the network; you must qualify port settings per case and accordingly.

 M.




The device connected to this port in question is a Dell PC.  In the logs leading up to the violation I can see the port flap without issue.  Just don't know why it randomly decides to throw a different MAC address.

 

This happens after hours with the school locked.  I will check other buildings to see how close the "new MAC" address is.

 

thanks

L.

 

Ref: https://macvendors.com/

When using this app, it is seen that the violating MAC address belongs to this vendor: TELEMATICS INTERNATIONAL INC. -> This may help you in tracking and finding the particular device.




balaji.bandi
Hall of Fame
CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5c00.10ab on port GigabitEthernet1/0/11.

This is because of the MAC address changing; port security kicks in and disables the port.

What is the device connected to that port? An end device or a switch? Or any ESXi?

Post the output below:

#show port-security interface Gi1/0/11 

 

Configure the suggestion below to fix the issue, then test and advise.

#switchport port-security

#switchport port-security aging time <minutes>

#switchport port-security maximum 3 (you can allow more MAC addresses if required to mitigate the issue)



More information at:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/command/reference/cli3.html#wp1948525

 

 

BB


SecureDynamic without aging means the MAC is not removed from the port-security address table, and if you configure the maximum MAC count equal to 1 then this makes the port disabled.
Please configure aging time to make the SW remove the previous MAC address and learn the new one.
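
To check across switches whether the violating MACs share a vendor prefix, as discussed earlier in the thread, the syslog can be parsed for PSECURE_VIOLATION messages and grouped by OUI. This is an added example, not part of the original thread; the switch names and every log line except the two quoted from the first post are constructed.

```python
import re
from collections import Counter, defaultdict

# Matches the PSECURE_VIOLATION message format quoted in the first post.
VIOLATION_RE = re.compile(
    r"^(?P<ts>.+?): %PORT_SECURITY-2-PSECURE_VIOLATION: .*?"
    r"caused by MAC address (?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}) "
    r"on port (?P<port>\S+?)\.?$"
)

def oui(mac):
    """Return the vendor prefix (first 24 bits) of a Cisco dotted MAC as aa:bb:cc."""
    digits = mac.replace(".", "").lower()
    return ":".join(digits[i:i + 2] for i in (0, 2, 4))

def parse_violations(lines_by_switch):
    """Yield one dict per violation found in {switch_name: [syslog lines]}."""
    for switch, lines in lines_by_switch.items():
        for line in lines:
            m = VIOLATION_RE.match(line.strip())
            if m:  # other messages (ERR_DISABLE, UPDOWN, ...) are skipped
                yield {"switch": switch, "ts": m["ts"], "port": m["port"],
                       "mac": m["mac"].lower(), "oui": oui(m["mac"])}

def summarize(violations):
    """Count violations per OUI and list the switch ports each OUI appeared on."""
    counts, ports = Counter(), defaultdict(set)
    for v in violations:
        counts[v["oui"]] += 1
        ports[v["oui"]].add((v["switch"], v["port"]))
    return [(o, n, sorted(ports[o])) for o, n in counts.most_common()]

# Sample input: the two sw-bldg-a lines are quoted from the first post; the
# switch names and the sw-bldg-b lines are constructed for illustration.
SAMPLE = {
    "sw-bldg-a": [
        "Jan 17 2021 19:04:28.725 CST: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/11, putting Gi1/0/11 in err-disable state",
        "Jan 17 2021 19:04:28.730 CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5c00.10ab on port GigabitEthernet1/0/11.",
    ],
    "sw-bldg-b": [
        "Jan 24 2021 02:11:07.102 CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5c00.22cd on port GigabitEthernet1/0/7.",
        "Jan 30 2021 23:40:51.554 CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 54bf.64aa.0001 on port GigabitEthernet2/0/3.",
    ],
}

if __name__ == "__main__":
    for prefix, n, where in summarize(parse_violations(SAMPLE)):
        print(prefix, n, where)
```

A prefix that recurs on unrelated ports and switches suggests a common source for the second MAC rather than a different device being plugged in each time.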
