Port Security Triggers with valid Mac Address during power on.

MARC FORESTER
Level 1

I have 2 3560 switches that are running 12.2(25)SEE2. Port security is enabled on some of the ports. Whenever there is a power failure, when power is restored, 1 port on each switch goes to err-disabled. The mac address that causes this is a valid address for that port. Below is the configuration on one of the ports.

interface FastEthernet0/2
description CONNECTION TO PHONE AND PC[spanning tree disabled]
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport port-security maximum 3
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0018.b034.b392
switchport port-security mac-address sticky b4b5.2fcd.432a
switchport port-security mac-address sticky 0018.b034.b392 vlan 11
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
end

This is the log entry for the error.

Feb 28 18:01:32 CST: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state
*Feb 28 18:01:32 CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address b4b5.2fcd.432a on port FastEthernet0/2.
*Feb 28 18:01:33 CST: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
*Feb 28 18:01:34 CST: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down

As you can see the mac address that caused the violation is configured for the port.
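
The comparison the post makes by eye, as an added example that is not part of the original thread: a Python sketch that parses the port-security lines and the violation message quoted above and reports which (MAC, VLAN) entries exist for the violating address. The function names are hypothetical, and recording an entry that has no `vlan` keyword as `none` is a labeling choice of this example.

```python
import re

# Copied from the post: port-security lines of Fa0/2 and the violation message.
CONFIG = """\
interface FastEthernet0/2
 switchport trunk native vlan 10
 switchport mode trunk
 switchport port-security maximum 3
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0018.b034.b392
 switchport port-security mac-address sticky b4b5.2fcd.432a
 switchport port-security mac-address sticky 0018.b034.b392 vlan 11
"""
LOG = ("*Feb 28 18:01:32 CST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation "
       "occurred, caused by MAC address b4b5.2fcd.432a on port FastEthernet0/2.")

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
ENTRY_RE = re.compile(rf"port-security mac-address(?: sticky)? ({MAC})(?: vlan (\S+))?\s*$", re.I)
MAX_RE = re.compile(r"port-security maximum (\d+)\s*$")
VIOLATION_RE = re.compile(rf"PSECURE_VIOLATION: .*MAC address ({MAC}) on port (\S+?)\.?$", re.I)


def parse_port_security(config):
    """Return (maximum, {(mac, vlan), ...}) for one interface block."""
    maximum, entries = 1, set()  # the IOS default maximum is 1 when none is configured
    for line in config.splitlines():
        if m := MAX_RE.search(line):
            maximum = int(m.group(1))
        elif m := ENTRY_RE.search(line):
            # Entries without a vlan keyword are recorded as "none" (example's label).
            entries.add((m.group(1).lower(), m.group(2) or "none"))
    return maximum, entries


def triage(config, log_line):
    """Compare the MAC in a PSECURE_VIOLATION line with the port's secure entries."""
    m = VIOLATION_RE.search(log_line)
    if not m:
        raise ValueError("not a PSECURE_VIOLATION line")
    maximum, entries = parse_port_security(config)
    mac = m.group(1).lower()
    return {
        "port": m.group(2), "mac": mac,
        "configured_vlans": sorted(v for a, v in entries if a == mac),
        "entries": len(entries), "maximum": maximum,
        "table_full": len(entries) >= maximum,
    }
```

For the post's data, `triage(CONFIG, LOG)` shows that b4b5.2fcd.432a has only an entry without a `vlan` keyword and that all 3 permitted entries on the port are already in use, which is the state to compare against `show port-security address` output after the next power cycle.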

4 Replies

mahmoodmkl
Level 7

Hi

I don't see any config related to VLAN 11 under your port. Is VLAN 11 used for the PC?

Sent from Cisco Technical Support iPhone App

VLAN 11 is the Voice VLAN.

mahmoodmkl
Level 7

Hi

Then you haven't defined it under the port.
Sent from Cisco Technical Support iPhone App

The port is a trunk port. I have this configuration on somewhere around 50 switches. This port and one other is what is having a problem.
