12-27-2012 01:18 PM - edited 03-07-2019 10:48 AM
I have 2 3560 switches that are running 12.2(25)SEE2. Port security is enabled on some of the ports. Whenever there is a power failure, when power is restored, 1 port on each switch goes to err-disabled. The mac address that causes this is a valid address for that port. Below is the configuration on one of the ports.
interface FastEthernet0/2
description CONNECTION TO PHONE AND PC[spanning tree disabled]
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport port-security maximum 3
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0018.b034.b392
switchport port-security mac-address sticky b4b5.2fcd.432a
switchport port-security mac-address sticky 0018.b034.b392 vlan 11
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
end
Feb 28 18:01:32 CST: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state
*Feb 28 18:01:32 CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address b4b5.2fcd.432a on port FastEthernet0/2.
*Feb 28 18:01:33 CST: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
*Feb 28 18:01:34 CST: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down
interface FastEthernet0/2
description CONNECTION TO PHONE AND PC[spanning tree disabled]
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport port-security maximum 3
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0018.b034.b392
switchport port-security mac-address sticky b4b5.2fcd.432a
switchport port-security mac-address sticky 0018.b034.b392 vlan 11
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
end
This is the log entry for the error.
Feb 28 18:01:32 CST: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state
*Feb 28 18:01:32 CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address b4b5.2fcd.432a on port FastEthernet0/2.
*Feb 28 18:01:33 CST: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
*Feb 28 18:01:34 CST: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down
As you can see the mac address that caused the violation is configured for the port.
12-27-2012 01:58 PM
Hi
i dont see any config related to vlan 11 under u r port.is vlan 11 is used for the pc
Sent from Cisco Technical Support iPhone App
12-27-2012 02:00 PM
VLAN 11 is the Voice VLAN.
12-27-2012 02:26 PM
Hi
then u havent defined it under the port
Sent from Cisco Technical Support iPhone App
12-27-2012 02:57 PM
The port is a trunk port. I have this configuration on somewhere around 50 switches. This port and one other is what is having a problem.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide