05-02-2018 09:33 AM - edited 03-08-2019 02:52 PM
We have enabled port security on one of our switches (2960x) and the port keeps flagging up security violations like so:
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
    Gi1/0/1              1            1                  0         Restrict
   Gi1/0/14             10            5                126         Restrict
---------------------------------------------------------------------------
Port Gi1/0/1 has a printer attached and works fine.
Port Gi1/0/14 has a Surface Pro 4 attached and for some reason registers 5 MAC addresses?
Every time I do a refresh, the violation count increases even though the max/actual count doesn't?
I'm wondering whether this is anything to do with the wireless APs being on the same switch etc?
Any ideas?
Normal config below (although in the above case I've increased the allowed addresses to see what that would yield)
switchport access vlan 300
switchport mode access
switchport voice vlan 400
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security maximum 1 vlan voice
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security aging time 5
switchport port-security
spanning-tree portfast
mls qos trust cos
spanning-tree bpduguard enable
05-02-2018 10:50 AM
Hi,
If you are sure that the user is not changing the laptop, then check the option in Windows 10 "USE RANDOM Hardware" and disable it.
Regards,
Deepak Kumar
05-02-2018 11:34 AM
Think you might have something there. We have a mix of Windows 10 & Windows 7 which may explain why it happens with some and not others. I'll check in the morning.
05-02-2018 11:58 AM
Curiosity got the better of me and I logged on remotely. This is a Windows 7 PC so no Wi-Fi etc, just wired.
05-10-2018 09:43 AM
Anybody else got any ideas on this?
The output below is a different switch and the user certainly ain't plugging things in and out.
Gi1/0/10 I can understand but Gi1/0/16? Doing a refresh increases the count although the MAC address count doesn't go up?
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
    Gi1/0/1              1            1                  0         Restrict
    Gi1/0/6              2            1                  0         Restrict
    Gi1/0/7              2            0                  0         Restrict
    Gi1/0/8              2            1                  0         Restrict
    Gi1/0/9              2            0                  0         Restrict
   Gi1/0/10              2            2                 28         Restrict
   Gi1/0/11              2            1                  0         Restrict
   Gi1/0/12              2            0                  0         Restrict
   Gi1/0/13              2            1                  0         Restrict
   Gi1/0/14              2            0                  0         Restrict
   Gi1/0/15              2            2                  0         Restrict
   Gi1/0/16              2            1                 52         Restrict
   Gi1/0/17              2            1                  0         Restrict
   Gi1/0/18              2            1                  0         Restrict
   Gi1/0/19              2            1                  0         Restrict
---------------------------------------------------------------------------
05-10-2018 12:14 PM
When you do "show port-security interface interface" does the stored MAC match the MAC of the device plugged in?
05-10-2018 12:21 PM
Hi Larry,
I'm not going to be in a position to check this until Monday now. What I can't understand is why the actual MAC address count hasn't climbed, e.g. on Gi1/0/16, the max is 2, the count is 1 but the restriction count keeps increasing?
05-10-2018 12:27 PM
Maybe it keeps violating over and over for just one VLAN of the two. Either way, solve the violation first and go from there. Verify sticky MAC is actual MAC of device plugged in.
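Added example, not part of any post in this thread: a small Python triage of the `show port-security` summary that separates ports that have hit their port-wide maximum (like Gi1/0/10) from ports that log violations while still under it (like Gi1/0/16). The sample rows are constructed from the table posted above, the function names are made up for illustration, and the hint for the second case follows the per-VLAN suggestion in the thread rather than a confirmed diagnosis.

```python
import re

# Constructed sample: four rows taken from the second table posted in the thread,
# laid out the way the summary table is shown there.
SNAPSHOT = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
    Gi1/0/1              1            1                  0         Restrict
   Gi1/0/10              2            2                 28         Restrict
   Gi1/0/15              2            2                  0         Restrict
   Gi1/0/16              2            1                 52         Restrict
---------------------------------------------------------------------------
"""

# Data rows only: interface name, three counters, action. Header lines do not match.
ROW = re.compile(r"^\s*([A-Za-z]+\d+(?:/\d+)*)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$")

def parse(text):
    """Return {port: (max_addr, current_addr, violations, action)}."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            port, mx, cur, viol, action = m.groups()
            ports[port] = (int(mx), int(cur), int(viol), action)
    return ports

def triage(ports, earlier=None):
    """List ports with violations, what to check first, and growth since `earlier`."""
    findings = []
    for port, (mx, cur, viol, _action) in ports.items():
        if viol == 0:
            continue
        if cur >= mx:
            hint = "port-wide maximum reached"
        else:
            # Hypothesis from the thread: a 'maximum 1 vlan access/voice' limit is hit
            hint = "under port-wide maximum: check per-VLAN maximums and the sticky MAC"
        # Counter growth between two snapshots shows the violation is still ongoing
        grew = viol - earlier[port][2] if earlier and port in earlier else None
        findings.append((port, viol, grew, hint))
    return findings

if __name__ == "__main__":
    for finding in triage(parse(SNAPSHOT)):
        print(finding)
```

Passing the parsed output of an earlier capture as `earlier` shows which counters are still climbing between refreshes.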