01-19-2021 08:03 AM
The issue is happening on 2960s and 2960Xs.
I am seeing this error message in my log:
Jan 17 2021 19:04:28.725 CST: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/11, putting Gi1/0/11 in err-disable state
Jan 17 2021 19:04:28.730 CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5c00.10ab on port GigabitEthernet1/0/11.
Jan 17 2021 19:04:29.731 CST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/11, changed state to down
On a port that is programmed as follows:
interface GigabitEthernet1/0/11
description Data D53 RM10-Lab
switchport access vlan 105
switchport mode access
switchport port-security
no snmp trap link-status
storm-control broadcast level bps 1m 500k
storm-control action shutdown
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable
end
and after a shut/no shut I see this for a show port-security address (notice the MAC addresses don't match):
105 54bf.645d.50e2 SecureDynamic Gi1/0/11
This is happening every couple of weeks on different switches across many buildings. I have a feeling it is happening because the machine is entering hibernation and flaps after hours checking for updates, but it does not happen all the time.
Any ideas?
01-19-2021 08:16 AM
- It only means that a second MAC, 0000.5c00.10ab, was seen on the port whilst your security setting limits it to one.
M.
01-19-2021 08:28 AM
Thanks for responding marce!
I understand that the limit is set to one. What I don't understand is why there are only so few violations. I have 1000+ ports programmed the same way and receive this error a couple of times a month. I can log on to any given switch and see ports flapping after hours.
Would I be better off upping the limit to 2 or issuing a restart after 5 mins? It seems to me that defeats the purpose of using port security!
01-19-2021 08:49 AM
- The port policy depends on your intranet security requirements and needs. Single devices use one MAC and will have no problem with such a port. But as stated in the other reply, things become different when virtualization solutions are behind a port, or a load-balancing setup is used with another device on the network; you must qualify port settings per case accordingly.
M.
01-19-2021 08:58 AM
The device connected to the port in question is a Dell PC. In the logs leading up to the violation I can see the port flap without issue. I just don't know why it randomly decides to throw a different MAC address.
This happens after hours with the school locked. I will check other buildings to see how close the "new MAC" address is.
thanks
L.
01-19-2021 09:54 AM
Ref : https://macvendors.com/
When using this app, it is seen that the violating MAC address belongs to this vendor: TELEMATICS INTERNATIONAL INC. This may help you in tracking down the particular device.
01-19-2021 08:23 AM
CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5c00.10ab on port GigabitEthernet1/0/11.
This is because the MAC address changed, so port security kicked in and disabled the port.
What is the device connected to that port? An end device or a switch? Or any ESXi?
Post the output below:
#show port-security interface Gi1/0/11
Configure the suggestion below to fix the issue; test and advise.
#switchport port-security
#switchport port-security aging time
#switchport port-security maximum 3 (you can allow more MAC addresses if required to mitigate the issue)
More information at:
01-19-2021 08:51 AM
SecureDynamic without aging means the MAC is not removed from the port-security address table, and if you config max MAC equal to 1 then this makes the port disable.
Please configure an aging time to make the switch remove the previous MAC address and learn a new one.
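As an added example that is not part of this thread, the script below does in code what the question's logs suggest doing by hand across 1000+ ports: it parses the %PORT_SECURITY-2-PSECURE_VIOLATION and %PM-4-ERR_DISABLE lines, normalises the interface name (Gi1/0/11 vs GigabitEthernet1/0/11) and the MAC, pulls out the OUI vendor prefix that the macvendors.com lookup above is based on, compares the violating MAC with the SecureDynamic address the port had learned, and flags when the same violating MAC has tripped other ports. The first three log lines are copied from the question; the fourth line, port Gi1/0/24 and the secure-address table entries other than Gi1/0/11 are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog: lines 1-3 are from the question, line 4 is invented.
SAMPLE_LOG = """\
Jan 17 2021 19:04:28.725 CST: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/11, putting Gi1/0/11 in err-disable state
Jan 17 2021 19:04:28.730 CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5c00.10ab on port GigabitEthernet1/0/11.
Jan 17 2021 19:04:29.731 CST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/11, changed state to down
Jan 18 2021 02:11:03.100 CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5C00.10AB on port GigabitEthernet1/0/24.
"""

# Constructed equivalent of "show port-security address" (secure MAC per port).
# The Gi1/0/11 entry is from the question; Gi1/0/24 is invented.
SECURE_ADDRESSES = {
    "GigabitEthernet1/0/11": "54bf.645d.50e2",
    "GigabitEthernet1/0/24": "a4bb.6d12.0001",
}

# IOS timestamp prefix, e.g. "Jan 17 2021 19:04:28.725 CST: "
TS_RE = r"(?P<ts>\w{3} +\d{1,2} \d{4} \d\d:\d\d:\d\d\.\d+) \w+: "
VIOLATION_RE = re.compile(
    TS_RE + r"%PORT_SECURITY-2-PSECURE_VIOLATION: .*caused by MAC address "
    r"(?P<mac>[0-9A-Fa-f.:-]+) on port (?P<port>\S+?)\.?$"
)
ERRDISABLE_RE = re.compile(
    TS_RE + r"%PM-4-ERR_DISABLE: psecure-violation error detected on (?P<port>\S+),"
)
SHORT_NAMES = {"Gi": "GigabitEthernet", "Fa": "FastEthernet", "Te": "TenGigabitEthernet"}


def parse_ts(text):
    return datetime.strptime(text, "%b %d %Y %H:%M:%S.%f")


def long_ifname(name):
    """Expand 'Gi1/0/11' to 'GigabitEthernet1/0/11'; long names pass through."""
    prefix, rest = re.match(r"([A-Za-z]+)(\d.*)", name).groups()
    return SHORT_NAMES.get(prefix, prefix) + rest


def canonical_mac(mac):
    """Normalise colon, dash or dotted notation to lowercase Cisco xxxx.xxxx.xxxx."""
    hexdigits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC: {mac}")
    return ".".join(hexdigits[i:i + 4] for i in (0, 4, 8))


def oui(mac):
    """First three octets, in the colon form OUI/vendor databases use."""
    h = canonical_mac(mac).replace(".", "")
    return ":".join(h[i:i + 2] for i in (0, 2, 4))


def analyse(log_text, secure_addresses, window=timedelta(seconds=5)):
    """Correlate violations with err-disable events and the secure address table."""
    errdisabled = defaultdict(list)  # port -> [timestamps of err-disable]
    violations = []                  # (timestamp, port, violating MAC)
    for line in log_text.splitlines():
        m = ERRDISABLE_RE.match(line)
        if m:
            errdisabled[long_ifname(m["port"])].append(parse_ts(m["ts"]))
            continue
        m = VIOLATION_RE.match(line)
        if m:
            violations.append((parse_ts(m["ts"]), long_ifname(m["port"]),
                               canonical_mac(m["mac"])))

    ports_by_mac = defaultdict(set)  # which ports each violating MAC has tripped
    for _, port, mac in violations:
        ports_by_mac[mac].add(port)

    findings = []
    for ts, port, mac in violations:
        disabled = any(abs(ts - t) <= window for t in errdisabled.get(port, []))
        findings.append({
            "time": ts.isoformat(),
            "port": port,
            "violating_mac": mac,
            "oui": oui(mac),
            "secure_mac": secure_addresses.get(port),
            "err_disabled": disabled,
            "other_ports_same_mac": sorted(ports_by_mac[mac] - {port}),
        })
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG, SECURE_ADDRESSES):
        print(finding)
```

Feed it the syslog export from a logging server rather than one switch's buffer: the `other_ports_same_mac` field is what tells a single device that moves between rooms (or a rogue device walked around after hours) apart from the random flap the question suspects, and the `oui` field lets you group violations by vendor before looking any of them up.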