Port Security Question

MrTone123
Level 1

Hi:

I was having a port-security problem today on a 3750 switch.

The troublesome port, Gi0/36, had only one computer connected. Whenever I enabled port security on the port, it immediately went into an err-disable state.

I even tried allowing 100 MAC addresses on the port, but got the same result.

When I entered: switchport port-security, it immediately shut down.

Here are the console messages:

Switch1(config-if)#switchport port-security
Switch1(config-if)#
1y0w: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/36, putting Gi0/36 in err-disable state
1y0w: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address b8ac.6f1c.ef40 on port GigabitEthernet0/36.
1y0w: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/36, changed state to down
1y0w: %LINK-3-UPDOWN: Interface GigabitEthernet0/36, changed state to down

Here's the config of that interface after enabling port security:
!
interface GigabitEthernet0/36
switchport access vlan 2
switchport mode access
switchport port-security maximum 100
switchport port-security
spanning-tree portfast
spanning-tree bpduguard enable
end

Any ideas on what could be causing this?

Thanks,

Tony

2 Replies

Peter Paluch
Cisco Employee

Tony,

Is it possible that the MAC address b8ac.6f1c.ef40 is already learned on another secure port? Such an event would also cause a security violation. Please try using the show mac address-table address b8ac.6f1c.ef40 command to see if that address has already been assigned to another secure port.

You may also verify the state of the MAC address table for the particular port using the show mac address-table interface gi0/36 command.

Please let us know your findings.

Best regards,

Peter

smogra
Cisco Employee

Hi Tony,

Looks like this is not a problem with allowing the maximum number of MACs on a port. It is something wrong with the MAC address getting displayed in the error messages. Please try to track down the MAC address b8ac.6f1c.ef40. Looks like it is already getting learnt on some other port, and when you work with the PC on 0/36, it detects this as a port security violation and either shuts it down or err-disables it.

Hope that helps.

Cheers

Sweta

Please rate useful posts.
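
The check both replies describe, as an added example that is not part of the original thread: this Python script pulls the offending MAC and port from the PSECURE_VIOLATION console line and looks for that MAC on any other port in saved "show port-security address" or "show mac address-table" output. The table text, the ports Gi0/12 and Gi0/7, and all function names are constructed for illustration; the row layout (VLAN, MAC, type, port) is an assumption about the saved output.

```python
import re

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
# Syslog format taken from the console messages quoted in the thread.
VIOLATION_RE = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION:.*?MAC address (" + MAC +
    r") on port (\S+?)\.?\s*$", re.I)
# Assumed table row layout: VLAN, MAC address, type, port.
ROW_RE = re.compile(r"^\s*(\d+)\s+(" + MAC + r")\s+(\S+)\s+(\S+)", re.I)

def short_port(name):
    """Normalise 'GigabitEthernet0/36' to 'Gi0/36' so ports compare equal."""
    m = re.match(r"([A-Za-z]+)([\d/]+)$", name)
    return m.group(1)[:2].capitalize() + m.group(2) if m else name

def violations(log_text):
    """Return (mac, port) for every psecure violation line in the log."""
    found = (VIOLATION_RE.search(line) for line in log_text.splitlines())
    return [(m.group(1).lower(), short_port(m.group(2))) for m in found if m]

def conflicting_ports(mac, violated_port, table_text):
    """Ports other than violated_port on which mac is already listed."""
    hits = []
    for line in table_text.splitlines():
        m = ROW_RE.match(line)
        if not m or m.group(2).lower() != mac.lower():
            continue
        port = short_port(m.group(4))
        if port != violated_port:
            hits.append((port, int(m.group(1)), m.group(3)))
    return hits

def report(log_text, table_text):
    """Map each violation to the other ports that already hold its MAC."""
    return {(mac, port): conflicting_ports(mac, port, table_text)
            for mac, port in violations(log_text)}

# Console line from the thread.
LOG = ("1y0w: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
       "caused by MAC address b8ac.6f1c.ef40 on port GigabitEthernet0/36.\n")
# Constructed sample table; Gi0/12 and Gi0/7 are hypothetical ports.
TABLE = """Vlan    Mac Address       Type             Ports   Remaining Age
----    -----------       ----             -----   -------------
   2    b8ac.6f1c.ef40    SecureDynamic    Gi0/12       -
   2    0011.2233.4455    SecureDynamic    Gi0/7        -
"""

if __name__ == "__main__":
    for (mac, port), hits in report(LOG, TABLE).items():
        print(mac, "violated on", port, "- also listed on:", hits or "no other port")
```

An empty list for a violation means the MAC is not listed on any other port in the saved output, so the duplicate-address explanation does not apply to that capture.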