Port Security violation, please help

radoslav-drabik
Level 1

Hi,

I've got a problem with port security on port Fast4/4. There is currently a Cisco IP phone 7961 connected and nothing else. I still get PSECURE_VIOLATION. What can cause the problem? Please help. Thank you.

Here are my logs and configuration:

#show logging
Dec 27 10:21:05.631 CET: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa4/4, putting Fa4/4 in err-disable state
Dec 27 10:21:05.639 CET: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0023.339c.e1cf on port FastEthernet4/4.
Dec 27 10:24:05.646 CET: %PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Fa4/4
Dec 27 13:14:51.073 CET: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa4/4, putting Fa4/4 in err-disable state
Dec 27 13:14:51.077 CET: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0023.339c.e1cf on port FastEthernet4/4.
Dec 27 13:17:51.072 CET: %PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Fa4/4
Dec 27 14:32:39.083 CET: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa4/4, putting Fa4/4 in err-disable state
Dec 27 14:32:39.087 CET: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0023.339c.e1cf on port FastEthernet4/4.
Dec 27 14:35:39.081 CET: %PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Fa4/4
Dec 27 15:16:59.369 CET: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa4/4, putting Fa4/4 in err-disable state
Dec 27 15:16:59.373 CET: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0023.339c.e1cf on port FastEthernet4/4.
Dec 27 15:19:59.356 CET: %PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Fa4/4

#show mac address-table interface fasTEthernet 4/4
Unicast Entries
vlan   mac address     type        protocols               port
-------+---------------+--------+---------------------+--------------------
412    0023.339c.e1cf    static ip,ipx,assigned,other FastEthernet4/4     

Multicast Entries
vlan    mac address     type    ports
-------+---------------+-------+--------------------------------------------
112    ffff.ffff.ffff   system Fa4/1,Fa4/2,Fa4/3,Fa4/4,Fa4/6,Fa4/9,Fa4/10
                                Fa4/11,Fa4/12,Fa4/14,Fa4/15,Fa4/17,Fa4/18
                                Fa4/33,Fa4/35,Fa4/40,Fa4/41,Fa4/43,Fa4/44
                                Fa4/45,Fa4/46,Fa4/47,Fa4/48,Fa5/48,Gi1/1
                                Gi1/2,Switch
412    ffff.ffff.ffff   system Fa4/1,Fa4/2,Fa4/3,Fa4/4,Fa4/6,Fa4/9,Fa4/10
                                Fa4/11,Fa4/12,Fa4/14,Fa4/15,Fa4/17,Fa4/18
                                Fa4/33,Fa4/35,Fa4/40,Fa4/41,Fa4/43,Fa4/44
                                Fa4/45,Fa4/46,Fa4/47,Fa4/48,Fa5/48,Gi1/1
                                Gi1/2,Switch


#show port-security interface fastEthernet 4/4
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 1 mins
Aging Type                 : Inactivity
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 3
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0023.339c.e1cf:412
Security Violation Count   : 0


#interface FastEthernet4/4
switchport access vlan 112
switchport mode access
switchport voice vlan 412
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no logging event link-status
load-interval 60
qos vlan-based
no snmp trap link-status
tx-queue 3
   priority high
ip dhcp snooping limit rate 10
end

#show cdp neighbors fastEthernet 4/4
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SEP0023339CE1CF  Fas 4/4           168             H P M  IP Phone  Port 1


#show power inline fastEthernet 4/4
Available:3700(w)  Used:685(w)  Remaining:3015(w)

Interface Admin  Oper            Power(Watts)     Device              Class
                            From PS    To Device                   
--------- ------ ---------- ---------- ---------- ------------------- -----

Fa4/4     auto   on         7.1        6.3        IP Phone 7961       2  

Interface  AdminPowerMax   AdminConsumption   
             (Watts)           (Watts)          
---------- --------------- --------------------

Fa4/4                 15.4                 15.4


#show ver
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-IPBASEK9-M), Version 12.2(50)SG6, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 23:12 by prod_rel_team
Image text-base: 0x10000000, data-base: 0x11C3225C

ROM: 12.2(31r)SGA1
Dagobah Revision 226, Swamp Revision 34

cza-ua-12300a uptime is 34 weeks, 16 hours, 53 minutes
System returned to ROM by reload
System restarted at 21:28:42 CEST Mon May 3 2010
System image file is "bootflash:cat4500-ipbasek9-mz.122-50.SG6.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C4506 (MPC8245) processor (revision 10) with 262144K bytes of memory.
Processor board ID FOX1222GVRS
MPC8245 CPU at 266Mhz, Supervisor II+
Last reset from Reload
6 Virtual Ethernet interfaces
192 FastEthernet interfaces
2 Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.

Configuration register is 0x2101
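As an added example (not from the thread), a small Python script that summarises syslog lines of the shape pasted above: it counts PSECURE_VIOLATION events per port and MAC, measures how long each err-disable lasted before ERR_RECOVER, and records how many distinct MACs triggered violations on each port. The sample lines are constructed in the same format as the question's output; the script is not Cisco code.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample, shaped like the syslog lines pasted in the question.
SAMPLE_LOG = """\
Dec 27 10:21:05.631 CET: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa4/4, putting Fa4/4 in err-disable state
Dec 27 10:21:05.639 CET: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0023.339c.e1cf on port FastEthernet4/4.
Dec 27 10:24:05.646 CET: %PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Fa4/4
Dec 27 13:14:51.073 CET: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa4/4, putting Fa4/4 in err-disable state
Dec 27 13:14:51.077 CET: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0023.339c.e1cf on port FastEthernet4/4.
Dec 27 13:17:51.072 CET: %PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Fa4/4
"""

# "Mon DD HH:MM:SS.mmm TZ: %FACILITY-SEV-MNEMONIC: message"
LINE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2})\.\d+ \w+: %(?P<mnemonic>[A-Z_0-9-]+): (?P<msg>.*)$")
MAC_PORT = re.compile(r"MAC address (?P<mac>[0-9a-f.]+) on port (?P<port>[\w/]+)")
PORT_ONLY = re.compile(r" on (?P<port>[\w/]+)")  # ERR_DISABLE / ERR_RECOVER lines

def short_ifname(name):
    """Normalise 'FastEthernet4/4' and 'Fa4/4' to one key."""
    return name.replace("FastEthernet", "Fa").replace("GigabitEthernet", "Gi")

def summarize(log_text):
    violations = Counter()              # (port, mac) -> number of violations
    disabled_at = {}                    # port -> time of the last err-disable
    recovery_secs = defaultdict(list)   # port -> seconds spent in err-disable
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # year defaults to 1900
        mnemonic, msg = m["mnemonic"], m["msg"]
        if mnemonic == "PORT_SECURITY-2-PSECURE_VIOLATION":
            v = MAC_PORT.search(msg)
            violations[(short_ifname(v["port"]), v["mac"])] += 1
        elif mnemonic == "PM-4-ERR_DISABLE":
            disabled_at[short_ifname(PORT_ONLY.search(msg)["port"])] = ts
        elif mnemonic == "PM-4-ERR_RECOVER":
            port = short_ifname(PORT_ONLY.search(msg)["port"])
            if port in disabled_at:
                recovery_secs[port].append((ts - disabled_at.pop(port)).total_seconds())
    # A single repeating MAC points at a device or configuration fault rather
    # than an unknown host; several MACs on one port are worth a closer look.
    macs_per_port = defaultdict(set)
    for port, mac in violations:
        macs_per_port[port].add(mac)
    return {"violations": dict(violations), "recovery_secs": dict(recovery_secs),
            "distinct_macs": {p: len(s) for p, s in macs_per_port.items()}}
```

On the sample the recovery interval comes out at 180 seconds, matching the three-minute gap between each ERR_DISABLE and ERR_RECOVER pair in the question's log.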


radoslav-drabik
Level 1

Hi,

Just some update. I've tried to configure a sticky MAC address and I still get the same error, and the violation count is incrementing.

Dec 29 12:32:03.147 CET: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0023.339c.e1cf on port FastEthernet4/4.

#show port-security int fast 4/4
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Restrict
Aging Time                 : 1 mins
Aging Type                 : Inactivity
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 3
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 0023.339c.e1cf:412
Security Violation Count   : 5

#interface FastEthernet4/4
switchport access vlan 112
switchport mode access
switchport voice vlan 412
switchport port-security maximum 3
switchport port-security maximum 1 vlan access
switchport port-security maximum 1 vlan voice
switchport port-security
switchport port-security aging time 1
switchport port-security violation restrict
switchport port-security aging type inactivity
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0023.339c.e1cf vlan voice
no logging event link-status
load-interval 60
qos vlan-based
no snmp trap link-status
tx-queue 3
   priority high
ip dhcp snooping limit rate 10
end

Hi,

Can you try: no switchport port-security, then switchport port-security back again.

This happens because you entered command switchport port-security which enables the feature before your sticky command.

You should put switchport port-security as last command.

Regards.

Alain.

Don't forget to rate helpful posts.

You can change port security parameters without disabling and re-enabling it, so doing that makes no sense. What happens when you plug this phone into another port on the same switch with the same config as 4/4?

You can change port security parameters without disabling and re-enabling it so doing that makes no sense

Did I say you couldn't change params without disabling/enabling? But surely doing what I told will get rid of that sticky address and change it back to dynamic.

Maybe it won't help, but it's what I thought would solve the problem.

One thing I'm sure though is that it is always better to put switchport security command as last command as this is the one enabling the feature.

Don't forget to rate helpful posts.

Hi,

Sorry for such a long delay. I have tried to plug this phone into another port with the same configuration and I get the same violations.

I am going to replace that phone for a new one.