Port security issue?

louis0001
Level 3

We have enabled port security on one of our switches (2960x) and the port keeps flagging up security violations like so:


Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
    Gi1/0/1              1            1                  0         Restrict
   Gi1/0/14             10            5                126         Restrict
---------------------------------------------------------------------------

Port Gi1/0/1 has a printer attached and works fine.
Port Gi1/0/14 has a Surface Pro 4 attached and for some reason registers 5 MAC addresses?

Every time I do a refresh, the violation count increases even though the max/actual count doesn't?

I'm wondering whether this is anything to do with the wireless APs being on the same switch etc.?

Any ideas?


Normal config below (although in the above case I've increased the allowed addresses to see what that would yield)

switchport access vlan 300
switchport mode access
switchport voice vlan 400
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security maximum 1 vlan voice
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security aging time 5
switchport port-security
spanning-tree portfast
mls qos trust cos
spanning-tree bpduguard enable

7 Replies

Deepak Kumar
VIP Alumni

Hi,

If you are sure that the user is not changing the laptop, then check the option in Windows 10 "Use Random Hardware" and disable it.


Regards,
Deepak Kumar
Don't forget to vote and accept the solution if this comment helps you!

Think you might have something there. We have a mix of Windows 10 & Windows 7, which may explain why it happens with some and not others. I'll check in the morning.

Curiosity got the better of me and I logged on remotely. This is a Windows 7 PC, so no Wi-Fi etc., just wired.

Anybody else got any ideas on this?

The output below is a different switch and the user certainly ain't plugging things in and out.

Gi1/0/10 I can understand, but Gi1/0/16? Doing a refresh increases the count although the MAC address count doesn't go up?

Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
    Gi1/0/1              1            1                  0         Restrict
    Gi1/0/6              2            1                  0         Restrict
    Gi1/0/7              2            0                  0         Restrict
    Gi1/0/8              2            1                  0         Restrict
    Gi1/0/9              2            0                  0         Restrict
   Gi1/0/10              2            2                 28         Restrict
   Gi1/0/11              2            1                  0         Restrict
   Gi1/0/12              2            0                  0         Restrict
   Gi1/0/13              2            1                  0         Restrict
   Gi1/0/14              2            0                  0         Restrict
   Gi1/0/15              2            2                  0         Restrict
   Gi1/0/16              2            1                 52         Restrict
   Gi1/0/17              2            1                  0         Restrict
   Gi1/0/18              2            1                  0         Restrict
   Gi1/0/19              2            1                  0         Restrict
---------------------------------------------------------------------------

When you do "show port-security interface interface" does the stored MAC match the MAC of the device plugged in?

Hi Larry,

I'm not going to be in a position to check this until Monday now. What I can't understand is why the actual MAC address count hasn't climbed, e.g. on Gi1/0/16 the max is 2, the count is 1, but the restriction count keeps increasing?

Maybe it keeps violating over and over for just one VLAN of the two. Either way, solve the violation first and go from there. Verify sticky MAC is actual MAC of device plugged in.
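To chase the pattern discussed in both tables above (SecurityViolation climbing while CurrentAddr stays flat), here is an added Python example, not code from the thread or from Cisco: it parses the "show port-security" summary table as printed above and diffs two captures. The first capture is the poster's first table; the second is constructed from it with the counter bumped.

```python
import re
from typing import Dict, List, NamedTuple

class PortSec(NamedTuple):
    max_addr: int
    current: int
    violations: int
    action: str

# One data row of Cisco IOS "show port-security" output:
# interface  MaxSecureAddr  CurrentAddr  SecurityViolation  Action
ROW_RE = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$")

def parse_port_security(output: str) -> Dict[str, PortSec]:
    """Parse the summary table into {interface: PortSec}; header and rule lines never match."""
    ports = {}
    for line in output.splitlines():
        m = ROW_RE.match(line)
        if m:
            ports[m.group(1)] = PortSec(int(m.group(2)), int(m.group(3)),
                                        int(m.group(4)), m.group(5))
    return ports

def violation_deltas(before: Dict[str, PortSec], after: Dict[str, PortSec]) -> List[dict]:
    """Ports whose violation counter rose between two captures.

    addr_grew=False with a rising counter means the offending MAC was never learned:
    in restrict mode the frame is dropped and only the counter (plus syslog/trap) moves.
    at_total_max=False on such a port is consistent with a per-VLAN maximum being hit.
    """
    findings = []
    for name, new in after.items():
        old = before.get(name)
        if old is None or new.violations <= old.violations:
            continue
        findings.append({"port": name,
                         "new_violations": new.violations - old.violations,
                         "addr_grew": new.current > old.current,
                         "at_total_max": new.current >= new.max_addr})
    return findings

# Constructed captures a few minutes apart, modelled on the first table in the thread.
SNAP_1 = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
    Gi1/0/1              1            1                  0         Restrict
   Gi1/0/14             10            5                126         Restrict
"""
SNAP_2 = SNAP_1.replace("126", "131")  # constructed: counter rose, CurrentAddr did not
```

Run it against real captures taken a few minutes apart; a port reported with addr_grew False is the one to inspect with "show port-security interface" and the switch log.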