cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3808
Views
0
Helpful
11
Replies

PORT_SECURITY-SP-2-PSECURE_VIOLATION !!

fariha zain
Level 1
Level 1


Greetings,

We are experiencing  port security violations from the  one lappy mac-addresses.  Please review the technical information below and let me know if you have any insight.


int f1/2
 switchport
 switchport access vlan 100
 switchport mode access
 switchport voice vlan 500
 switchport port-security
 switchport port-security maximum 4
 switchport port-security aging time 1
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 150
  spanning-tree portfast edge
 end


int g1/1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan all
end

Mar 14 14:25:46: PORT_SECURITY-SP-2-PSECURE_VIOLATION Security violation occurred, caused by MAC address 422f.00a5.01ce on port FastEthernet1/2

Hopus#sh mac-address-table static | inc 0422f
*   3  422f.00a5.01ce    static  Yes          -   Gi1/1  >> Uplink port.

Hence I am not able to use this machine anymore on my switch. ( As soon as I connect the laptop to port f1/2 or any other port i get the above error msg) also I dont have any static or sticky configuration on my switch. Its simple config it should work.

I already tried shut/no shut of the port f1/2 but that didnt help. So only way to remove the mac from arp?

If anyone can provide me the valid reason for this behaviour that would be appriciated.


Regards

Fari

11 Replies 11

Rajeev Sharma
Cisco Employee
Cisco Employee

Hey Fari,

Provide the following outputs:

#show port-security address

#show port-security int f1/2

#show port-security int g1/1

#show port-security

Regards,

RS.

why would we recieve a packet from an access port with default gateway's MAC address as the source address?

 

may i know what is this device? like, laptop? with docking station? etc..

Hi Fumohamm,

Yes thats the reason I open this thread. I am working on this for a long period and quite disturb with the way the device is behaving .

Here is te info you want:

Device is Cisco 6509 .

Fast 1/2 is connected to my workstation/laptop.

So I removed that laptop but still I see that its been seen on the Uplink port rather than getting removed.

 

Please let me know your opinion on this as i am struck with this.

 

thanks in advance.

fari

when i asked about the device, i wanted to know more about the laptop.. i know of such behavior with lenova USB 3 docking station.

 

can we track this MAC address switch by switch to find where is this located?

Fumohamm,

If I remove the laptop and dont connect to any switch still I see the above behaviour.

thats the reason I am in shock. I agree if I connect to any other switch then we can say something out of it but if I remove the laptop and dont connect to any switch still i see that the mac address is stick to the uplink port.

Regards

Fari

i understand that. thats why i am asking. can you follow the port and try to find from where this MAC address is seen in the network when you disconnect the laptop?

This MAC doesnt seem to belong to any vendor as per www.coffer.com. so, it looks like the MAC was statically configured on 1 or more devices (possibly). try to track this MAC and see if you can find another end host.

fumohamm ,

I understand what you are trying to ask, I have done all those as I am in cisco network since couple of years now.

Okay here is my second testing i did:

I connected my laptop and removed it but still i see the mac address been seen from uplink port rather than getting flushed or removed when the laptop was removed.

Do you think any bug?

Regards

Fari

 

Hi Fari,

Could you please try reloading the switch once?

I have tested in my lab and it works fine as expected nothing sort of the behaviour you have mentioned above.

 

Regards

Inayath

So, your access switch thinks it has seen the MAC address from the uplink.  OK, so go to the switch on the other end of the G1/1 uplink, and try show mac addr addr 422f.00a5.01ce.  Where has the uplink switch seen the MAC address?  OK, so follow that port onto the next switch and do the show mac addr command again.  Keep going till you find an edge port.  Then you have found the culprit.

 

Kevin Dorrell

Luxembourg

My question is, what does it mean if he finds the mac on a device from a different switch? Was this ever resolved? I'm having the same issue.

can you try disabling ip device tracking?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: