
Psecure violation in 2900 series switch

rammi.malek
Level 1

Hi,

Could anyone please tell me the reason for a psecure violation?

I'm using a 2924 model switch with ver 12.0(s)wc17. How can I configure errdisable recovery commands in this switch?

In this switch the errdisable recovery option is available only for "udld" but not for "psecure violation". How can I rectify this psecure violation problem in a Cisco 2900 series switch?

regards,

rammi


Ganesh Hariharan
VIP Alumni

Hi Rammi,

You can configure the errdisable command; check out the link below. Hope this will resolve your query!

http://www.cisco.com/en/US/docs/switches/lan/catalyst2900xl_3500xl/release12.0_5_wc6/cli/clicmds.html#wp1686695

Regards

Ganesh.H

Hi Ganesh,

Thank you for the info. I have the commands to configure errdisable recovery, but my problem is that the switch I'm using (Cisco 2924) doesn't support the errdisable recovery command for "psecure violation" and "security reject". Could you please tell me how I can solve this problem?

You need to upgrade your software to Release 12.0(5)WC5.

You can use this tool (http://tools.cisco.com/Support/CLILookup/cltSearchAction.do) to find solutions for similar problems.

Hi,

Upgrade the IOS to Cisco IOS Release 12.0(5)WC5 and then check!

Check out the link below also, on the Release Notes for the Catalyst 2900 XL and Catalyst 3500 XL Switches, Cisco IOS Release 12.0(5)WC17:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2900xl_3500xl/release12.0_5_wc17/ol256213.pdf

Hope that helps your query !!

Regards

Ganesh.H

I have IOS version 12.0(5)WC17 installed on the 2900 series switch; would this version support configuring "PSECURE" commands?

regards,

rammi

Yes it should work !!

Regards

Ganesh.H

No yaar, I'm still unable to configure the commands for psecure violation as there is no such option available. I can only configure such commands for the UDLD cause. Moreover, when the PSECURE VIOLATION occurred, I went through the syslog messages and I'm surprised to see that the MAC address which violated the port matches the MAC address of the PC connected to that port. It means that the MAC address allowed on that port is itself causing the violation. Why is it happening like this? How could the same MAC cause a violation?

I have configured port security in the following way:

switchport port security

switchport port security max 1

switchport port security violation shutdown

According to the above commands, the "max 1" in the second command binds one MAC address on the port and the third command puts the port to "shut" if it encounters a different MAC address, but in my case the allowed MAC itself is causing the violation. Please help me.

regards,

rammi

It means that there can only be ONE MAC address this port will ever listen to or learn. And if there is bound to be more than one MAC address, the port will be shut down or put into error-disable.

Hi,

Just bind the MAC address to the interface and then check what happens.

Configure switchport port-security mac-address {MAC address} and see the result.

HTH

Regards

Ganesh.H

OK, will try that command. One more doubt: does a Vista PC break port security? I mean, if a Vista PC is connected to a secured port, will that secured port allow that MAC or put the port into admin down? I'm asking this because one of my friends connected a Vista PC to a secured port without my knowledge and he was able to access the LAN on the secured port. How could it happen?

regards,

rammi

It should not happen, as all switchport security works on a MAC basis, so whatever the source end is, you need to check the switchport security on the switch end to see why that PC got access after connecting to the switch.

HTH

Regards

Ganesh.H

krishnakumarr
Level 1

Hi,

By default, when any port security violation happens, the port automatically goes into the shutdown state.

Here are some examples for configuring port security:

Switch(config)# interface FastEthernet1/0/1
Switch(config-if)# switchport access vlan 21
Switch(config-if)# switchport mode access
Switch(config-if)# switchport voice vlan 22
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 20
Switch(config-if)# switchport port-security violation restrict
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0002
Switch(config-if)# switchport port-security mac-address 0000.0000.0003
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0001 vlan voice
Switch(config-if)# switchport port-security mac-address 0000.0000.0004 vlan voice
Switch(config-if)# switchport port-security maximum 10 vlan access
Switch(config-if)# switchport port-security maximum 10 vlan voice

regards

krishna kumar
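
An added example, not part of any post in this thread: a small audit of interface stanzas written in the `switchport port-security` syntax shown in the post above, for checking on the switch end why a port that was meant to be secured still admits a device. The function names, finding labels and sample configuration are constructed for illustration.

```python
import re

# Constructed sample in the syntax of the post above; not taken from a real switch.
SAMPLE_CONFIG = """\
interface FastEthernet1/0/1
 switchport port-security
 switchport port-security maximum 20
 switchport port-security violation restrict
 switchport port-security mac-address sticky
interface FastEthernet1/0/2
 switchport port-security maximum 1
interface FastEthernet1/0/3
 switchport port-security
"""

def parse_port_security(config):
    # Defaults assumed when a stanza sets nothing else: 1 secure MAC, mode shutdown.
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            cur = ports[m.group(1)] = {"enabled": False, "configured": False,
                "maximum": 1, "violation": "shutdown", "sticky": False, "static": []}
        elif cur is not None and line.startswith("switchport port-security"):
            args = line.split()[2:]
            cur["configured"] = True
            if not args:
                cur["enabled"] = True          # bare command turns the feature on
            elif args[0] == "maximum" and len(args) == 2:
                cur["maximum"] = int(args[1])  # per-VLAN maxima are ignored here
            elif args[0] == "violation" and len(args) == 2:
                cur["violation"] = args[1]
            elif args[:2] == ["mac-address", "sticky"]:
                cur["sticky"] = True
            elif args[0] == "mac-address" and len(args) >= 2:
                cur["static"].append(args[1])
    return ports

def audit(ports):
    out = {}
    for name, p in ports.items():
        issues = []
        if p["configured"] and not p["enabled"]:
            issues.append("not-enabled")    # options set, feature never switched on
        if p["enabled"] and not (p["sticky"] or p["static"]):
            issues.append("dynamic-only")   # first address seen is learned as secure
        if issues:
            out[name] = issues
    return out
```

On the sample, `audit(parse_port_security(SAMPLE_CONFIG))` flags FastEthernet1/0/2 as `not-enabled` and FastEthernet1/0/3 as `dynamic-only`.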

Hi all,

I would like to write the CCNA exam. Could anyone please guide me on how to prepare for it? I need the latest CCNA-640-802 dumps, previous question papers and free simulators. Please, please, please help me yaar.

regards,

rammi


Hi Rammi,

It will be helpful, if your problem has been resolved, to mark this thread as resolved and rate the valuable posts, and to ask these types of questions in the certification forum.

Regards

Ganesh.H
