Port Security Aging question...

rezaalikhani
Level 3

Hi all;

 

The following is the configuration that I have applied to an interface:

3560#show run in fas 0/7
Building configuration...

Current configuration : 122 bytes
!
interface FastEthernet0/7
 switchport mode access
 switchport port-security
 switchport port-security aging time 1
end

3560#

After 1 minute, the PC that is connected to that port disconnects from the network and the port's status becomes err-disabled.

Is it normal?

 

Thanks

5 Replies

David VR
Level 1

Hello,

Could you please check the following commands on your interface:

show port-security interface fa0/7

show port-security address

Perhaps you are reaching the maximum allowed MAC addresses on the interface.

Thanks for your reply;

3560#show port-security interface fastEthernet 0/7
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 1 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0050.56c0.0000:1
Security Violation Count   : 1

3560#

and

3560#show port-security address
          Secure Mac Address Table
--------------------------------------------------------------------------
Vlan    Mac Address       Type                       Ports   Remaining Age
                                                                (mins)
----    -----------       ----                       -----   -------------
   1    0011.3b18.f8bd    SecureDynamic              Fa0/7        1
--------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 2048
3560#
*Mar  3 00:40:43.921: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/7, putting Fa0/7 in err-disable state
3560#
*Mar  3 00:40:43.930: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.56c0.0000 on port FastEthernet0/7.
3560#
*Mar  3 00:40:44.928: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to down
3560#
*Mar  3 00:40:45.926: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to down
3560#show port-security address
          Secure Mac Address Table
--------------------------------------------------------------------------
Vlan    Mac Address       Type                       Ports   Remaining Age
                                                                (mins)
----    -----------       ----                       -----   -------------
--------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 2048
3560#

Hello

Aging is set to 1 minute, meaning after this time the MAC will be removed (flushed) from the CAM table.

The reason why the port was err-disabled was that the MAC address maximum limit was reached?

As you can see:

Last Source Address:Vlan   : 0050.56c0.0000:1
Security Violation Count   : 1


          Secure Mac Address Table
--------------------------------------------------------------------------
Vlan    Mac Address       Type                       Ports   Remaining Age
                                                                (mins)
----    -----------       ----                       -----   -------------
   1    0011.3b18.f8bd    SecureDynamic              Fa0/7        1
--------------------------------------------------------------------------




res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
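The comparison pointed at in the reply above, automated as an added example (not part of the original thread and not Cisco code): it parses the `show port-security address` table and the `%PORT_SECURITY-2-PSECURE_VIOLATION` message quoted in the thread and reports which MAC tripped the port and which MAC already held the secure slot. The function names and the `maximum` parameter are assumptions for illustration; the sample text is copied from the posts above.

```python
import re

# Sample text copied from the thread above, trimmed to the lines the parser needs.
SECURE_TABLE = """\
Vlan    Mac Address       Type                       Ports   Remaining Age
----    -----------       ----                       -----   -------------
   1    0011.3b18.f8bd    SecureDynamic              Fa0/7        1
"""
SYSLOG = """\
*Mar  3 00:40:43.921: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/7, putting Fa0/7 in err-disable state
*Mar  3 00:40:43.930: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.56c0.0000 on port FastEthernet0/7.
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
ROW = re.compile(rf"^\s*(\d+)\s+({MAC})\s+(\S+)\s+(\S+)", re.I | re.M)
VIOLATION = re.compile(
    rf"%PORT_SECURITY-2-PSECURE_VIOLATION:.*MAC address ({MAC}) on port (\S+?)\.?\s*$",
    re.I | re.M)

def short_port(name):
    """Normalise 'FastEthernet0/7' and 'Fa0/7' to the same key ('fa0/7')."""
    m = re.match(r"([A-Za-z]+)([\d/]+)$", name)
    return (m.group(1)[:2] + m.group(2)).lower() if m else name.lower()

def secure_macs(table_text):
    """Map port -> set of secure MACs listed by 'show port-security address'."""
    ports = {}
    for _vlan, mac, _type, port in ROW.findall(table_text):
        ports.setdefault(short_port(port), set()).add(mac.lower())
    return ports

def explain_violations(table_text, syslog_text, maximum=1):
    """For each violation message, pair the offending MAC with the learned ones."""
    known = secure_macs(table_text)
    findings = []
    for mac, port in VIOLATION.findall(syslog_text):
        port, mac = short_port(port), mac.lower()
        learned = known.get(port, set())
        if mac not in learned and len(learned) >= maximum:
            reason = f"extra MAC beyond maximum {maximum}"
        else:
            reason = "table has room; collect the output again while the port is up"
        findings.append({"port": port, "offender": mac,
                         "learned": sorted(learned), "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in explain_violations(SECURE_TABLE, SYSLOG):
        print(finding)
```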

Thanks for the reply;

3560#
*Mar  3 00:40:43.921: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/7, putting Fa0/7 in err-disable state
3560#

Is it sufficient?

David VR
Level 1

You could perhaps try to increase the max allowed MAC addresses:

switchport port-security maximum 5

and check if that helps.
