port security issue

Asim Afzal · ‎12-03-2012

please find the output of the show commands below.

Before resetting the port-security on the interface --

UNB-Deira-Br-2950SW2# sh mac-address-table | i 0/7

1 0007.3be4.0171 STATIC Fa0/7

117 0007.3be4.0171 STATIC Fa0/7

Same MAC coming from port fa 0/7

UNB-Deira-Br-2950SW2#sh port-security

Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action

(Count) (Count) (Count)

---------------------------------------------------------------------------

Fa0/1 2 1 0 Restrict

Fa0/2 2 2 0 Restrict

Fa0/3 2 1 0 Restrict

Fa0/4 2 1 0 Restrict

Fa0/5 2 0 0 Restrict

Fa0/6 2 1 0 Restrict

Fa0/7 2 2 3874 Restrict

Fa0/8 2 2 0 Restrict

Fa0/9 2 2 0 Restrict

Fa0/10 2 2 0 Restrict

UNB-Deira-Br-2950SW2#sh run int fa 0/7

Building configuration...

Current configuration : 440 bytes

!

interface FastEthernet0/7

switchport mode access

switchport voice vlan 117

switchport port-security

switchport port-security maximum 2

switchport port-security aging time 1440

switchport port-security violation restrict

switchport port-security aging type inactivity

storm-control broadcast level 20.00 18.00

storm-control action trap

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

end

Nov 26 08:48:19.254 AUH: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 000f.fef4.4dd5 on port FastEthernet0/7.

Nov 26 08:48:24.758 AUH: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 000f.fef4.4dd5 on port FastEthernet0/7.

Nov 26 08:48:30.254 AUH: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 000f.fef4.4dd5 on port FastEthernet0/7.

Nov 26 08:48:36.530 AUH: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 000f.fef4.4dd5 on port FastEthernet0/7.

Nov 26 08:48:51.602 AUH: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 000f.fef4.4dd5 on port FastEthernet0/7.

Nov 26 08:49:00.582 AUH: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 000f.fef4.4dd5 on port FastEthernet0/7.

After resetting the port-security on the interface --

UNB-Deira-Br-2950SW2(config)#do sh mac-add | i 0/7

1 000f.fef4.4dd5 STATIC Fa0/7

117 0007.3be4.0171 STATIC Fa0/7

andrewswanson · ‎12-03-2012

Hello - the mac address of the device in the voice vlan is non-cisco. its oui suggests tenovis as the manufacturer (Avaya?). Do your IP phones support cdp (if i recall, 'switchport voice vlan" command requires the IP phone to support cdp)

hth

andy

Sandeep Choudhary · ‎12-03-2012

HI Asim,

Make it this one:

switchport port-security maximum 3 on port fa0/7 and then see the results.

Reagrds

please rate if it helps.

mahmoodmkl · ‎12-03-2012

Hi,

As suggested by sandeep make it 3 because u need to consider the mac-address of the switch which is in-built in IP Phone.

Thanks