Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
932
Views
0
Helpful
2
Replies

Port Security Violation occured, please help

muath1987
Level 1
Level 1

‎08-06-2018 11:05 AM - edited ‎03-08-2019 03:50 PM

Hello,

 

I have C3750E stack switch, When the end user try to transfer large volume of data the port goes to error-disable state!! the MAC address that appear in logs seems fake MAC"54ee.0000.0000 ". can  anybody help me why this is happen?

 

Interface Configuration:

 

interface GigabitEthernet1/0/39

switchport access vlan 335

switchport mode access

switchport nonegotiate

switchport voice vlan 316

switchport port-security maximum 2

switchport port-security

spanning-tree portfast

spanning-tree bpduguard enable

spanning-tree guard root

 

Switch logs:

Aug  6 08:13:02.078 UTC: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/39, putting Gi1/0/39 in err-disable state

Aug  6 08:13:02.221 UTC: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 54ee.0000.0000 on port GigabitEthernet1/0/39.

Aug  6 08:13:03.219 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/39, changed state to down.

 

 

 

 

Labels:
0 Helpful
2 Replies 2

Peter Paluch
Cisco Employee
Cisco Employee

‎08-06-2018 02:22 PM

Hello,

What I suggest checking first is the output of show interface gi1/0/39 and show interface gi1/0/39 counter error - check whether you see any counters that would indicate that corrupted frames may have been received. If there are non-zero error counters for this interface, we need to eliminate the usual suspects - replace the cable, try moving the host to a different port, try replacing the NIC in the host.

If there are no errors recorded in the counters, there is still a possibility that the NIC driver on the host is buggy, and under high load conditions, it generates Ethernet frames with an incorrect MAC address. This would be more difficult to prove but is still a possibility.

I wonder - is there any virtualization software running on the host? Is the host a virtual machine itself?

Best regards,
Peter

0 Helpful

muath1987
Level 1
Level 1
In response to Peter Paluch

‎08-06-2018 02:48 PM

Hi Peter

 

Thank you so much for your clarification, regarding the end point its Dell PC running Windows 7.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card