PORT_SECURITY-SP-2-PSECURE_VIOLATION !!
08-14-2014 07:30 AM - edited 03-07-2019 08:23 PM
Greetings,
We are experiencing port security violations from the one lappy mac-addresses. Please review the technical information below and let me know if you have any insight.
int f1/2
switchport
switchport access vlan 100
switchport mode access
switchport voice vlan 500
switchport port-security
switchport port-security maximum 4
switchport port-security aging time 1
switchport port-security violation restrict
switchport port-security aging type inactivity
ip arp inspection limit rate 150
spanning-tree portfast edge
end
int g1/1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan all
end
Mar 14 14:25:46: PORT_SECURITY-SP-2-PSECURE_VIOLATION Security violation occurred, caused by MAC address 422f.00a5.01ce on port FastEthernet1/2
Hopus#sh mac-address-table static | inc 0422f
* 3 422f.00a5.01ce static Yes - Gi1/1 >> Uplink port.
Hence I am not able to use this machine anymore on my switch. (As soon as I connect the laptop to port f1/2 or any other port I get the above error msg.) Also, I don't have any static or sticky configuration on my switch. It's a simple config; it should work.
I already tried shut/no shut of the port f1/2 but that didn't help. So only way to remove the mac from arp?
If anyone can provide me a valid reason for this behaviour, that would be appreciated.
Regards
Fari
Labels: Other Switching
08-14-2014 01:14 PM
Hey Fari,
Provide the following outputs:
#show port-security address
#show port-security int f1/2
#show port-security int g1/1
#show port-security
Regards,
RS.
08-17-2014 06:50 AM
Why would we receive a packet from an access port with the default gateway's MAC address as the source address?
May I know what this device is? Like a laptop? With a docking station? etc.
08-19-2014 09:32 AM
Hi Fumohamm,
Yes, that's the reason I opened this thread. I have been working on this for a long period and am quite disturbed by the way the device is behaving.
Here is the info you want:
Device is a Cisco 6509.
Fast 1/2 is connected to my workstation/laptop.
So I removed that laptop, but I still see that it's being seen on the uplink port rather than getting removed.
Please let me know your opinion on this, as I am stuck with this.
Thanks in advance.
Fari
08-19-2014 09:35 AM
When I asked about the device, I wanted to know more about the laptop. I know of such behavior with the Lenovo USB 3 docking station.
Can we track this MAC address switch by switch to find where it is located?
08-19-2014 09:40 AM
Fumohamm,
If I remove the laptop and don't connect it to any switch, I still see the above behaviour.
That's the reason I am in shock. I agree that if I connect to any other switch then we can say something out of it, but if I remove the laptop and don't connect to any switch I still see that the MAC address is stuck to the uplink port.
Regards
Fari
08-19-2014 09:59 AM
I understand that. That's why I am asking. Can you follow the port and try to find from where this MAC address is seen in the network when you disconnect the laptop?
This MAC doesn't seem to belong to any vendor as per www.coffer.com. So, it looks like the MAC was statically configured on 1 or more devices (possibly). Try to track this MAC and see if you can find another end host.
08-19-2014 10:03 AM
Fumohamm,
I understand what you are trying to ask. I have done all of those, as I have been in Cisco networking for a couple of years now.
Okay, here is the second test I did:
I connected my laptop and removed it, but I still see the MAC address being seen from the uplink port rather than getting flushed or removed when the laptop was removed.
Do you think it is a bug?
Regards
Fari
08-26-2014 06:17 AM
Hi Fari,
Could you please try reloading the switch once?
I have tested in my lab and it works fine as expected, nothing like the behaviour you have mentioned above.
Regards
Inayath
08-26-2014 07:14 AM
So, your access switch thinks it has seen the MAC address from the uplink. OK, so go to the switch on the other end of the G1/1 uplink, and try show mac addr addr 422f.00a5.01ce. Where has the uplink switch seen the MAC address? OK, so follow that port onto the next switch and do the show mac addr command again. Keep going till you find an edge port. Then you have found the culprit.
Kevin Dorrell
Luxembourg
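The hop-by-hop trace described in the post above, together with a check of the locally administered bit that bears on the earlier remark that this MAC matches no vendor, as an added example that is not part of the original thread. The switch names, the link map and every table row except the first access-switch row are constructed for illustration.

```python
# Constructed "show mac address-table" captures keyed by hypothetical switch
# names; only the first access-sw row mirrors the output quoted in the thread.
MAC_TABLES = {
    "access-sw": "* 3 422f.00a5.01ce static Yes - Gi1/1\n"
                 "* 100 0011.2233.4455 dynamic Yes 5 Fa1/7",
    "dist-sw": "* 3 422f.00a5.01ce dynamic Yes 10 Gi2/3",
    "edge-sw": "* 3 422f.00a5.01ce dynamic Yes 0 Fa0/12",
}
# Hypothetical inter-switch links: (switch, local port) -> neighbour switch.
LINKS = {("access-sw", "Gi1/1"): "dist-sw", ("dist-sw", "Gi2/3"): "edge-sw"}


def locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set, meaning the
    address was assigned in software rather than taken from a vendor OUI."""
    return bool(int(mac.replace(".", "")[:2], 16) & 0x02)


def lookup(switch, mac):
    """Return (vlan, entry_type, port) for mac on switch, or None if absent."""
    for line in MAC_TABLES.get(switch, "").splitlines():
        fields = line.replace("*", " ").split()
        if len(fields) >= 4 and fields[1].lower() == mac.lower():
            return int(fields[0]), fields[2], fields[-1]
    return None


def trace(start, mac):
    """Follow the MAC from switch to switch. Stops at a port with no known
    neighbour (an edge port), at a switch that has no entry, or on a loop."""
    path, switch, seen = [], start, set()
    while switch is not None and switch not in seen:
        seen.add(switch)
        hit = lookup(switch, mac)
        path.append((switch, hit[2] if hit else None))
        switch = LINKS.get((switch, hit[2])) if hit else None
    return path


if __name__ == "__main__":
    mac = "422f.00a5.01ce"
    print("locally administered:", locally_administered(mac))
    for switch, port in trace("access-sw", mac):
        print(f"{switch}: {port or 'not in table'}")
```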
11-19-2014 09:37 AM
My question is, what does it mean if he finds the mac on a device from a different switch? Was this ever resolved? I'm having the same issue.
11-19-2014 08:15 PM
Can you try disabling ip device tracking?
