Hello all,
I'm having an issue with port security that I can't make any sense of. It's similar to this one here: https://supportforums.cisco.com/discussion/12279036/portsecurity-sp-2-psecureviolation but I didn't see a resolution or reference to a bug.
The problem is we have two 6500 switches port-channeled together, as noted in the PPT I have included. The 6509 is connected to the rest of the network by way of a patch panel and an encryption device. The card we are using to connect to the WAN is a 7600-SIP-400 with a SPA-2X1GE-V2 module installed (ports G9/0/0 and G9/0/1). One port is used, the other port is shut down.
The 6513 is acting as an access layer switch and is connected to the end user devices, one being a VOIP. All of our access ports have port security turned on. For some unknown reason the MAC from the SIP card on the 6509 showed up on the voice port of the 6513 and error-disabled the port due to a security violation.
As far as I know this has happened twice in the past week but to the same voice port. This switch is highly populated. The guys at site say they have not touched anything on either switch.
Show logg on 6513:
%PORT_SECURITY_SP-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.0000.0001 on port Fastethernet1/33.
%PM-SPSTBY-4-ERR_DISABLE: psecure-violation error detected on fa1/33, putting Fa1/33 in err-disable state
The logs on the 6509 show no indication of 9/0/0 going down and we are almost certain that 9/0/1 wasn't enabled and the voice port connected to this for whatever reason. I say almost certain because we have a help desk that manages the network 24/7 and has the ability to make configuration changes. No one has mentioned making any changes.
Sh int 9/0/0 on 6509
GigabitEthernet9/0/0 is up, line protocol is up
hardware is GigEther SPA address 0000.0000.0001 (bia 0000.0000.0001)
9/0/1 is admin down but with the same MAC as 9/0/0. I'm guessing this is either the SIP or SPA card MAC.
Port Fa1/33 config:
switchport
switchport access vlan 3
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0000.0000.0002
duplex full
mls qos trust device cisco-phone
mls qos trust dscp
spanning-tree portfast edge
Both switches running IOS version 12.2(33). Drawing is attached.
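The manual cross-check described in the post (matching the MAC in a PSECURE_VIOLATION message against interface MACs on the upstream switch) can be scripted. This is an added example, not part of the original post: the sample text is constructed from the output quoted above, and the function names and the second MAC/port are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample data modelled on the output quoted in the post.
SHOW_INT_6509 = """\
GigabitEthernet9/0/0 is up, line protocol is up
  Hardware is GigEther SPA, address is 0000.0000.0001 (bia 0000.0000.0001)
GigabitEthernet9/0/1 is administratively down, line protocol is down
  Hardware is GigEther SPA, address is 0000.0000.0001 (bia 0000.0000.0001)
"""
SYSLOG_6513 = """\
%PORT_SECURITY_SP-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.0000.0001 on port FastEthernet1/33.
%PM-SPSTBY-4-ERR_DISABLE: psecure-violation error detected on Fa1/33, putting Fa1/33 in err-disable state
%PORT_SECURITY_SP-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.0000.0001 on port FastEthernet1/33.
%PORT_SECURITY_SP-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.0000.0abc on port FastEthernet1/12.
"""
VIOLATION = re.compile(r"PSECURE_VIOLATION: .*caused by MAC address (\S+) on port (\S+?)\.?$", re.I)

def norm(mac):
    # Reduce any MAC notation (dotted, colon, dash) to 12 lowercase hex digits.
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def infra_macs(show_int):
    # Map each interface MAC in "show interfaces" text to the interfaces that use it.
    owners, iface = defaultdict(list), None
    for line in show_int.splitlines():
        head = re.match(r"(\S+) is .*line protocol is", line)
        addr = re.search(r"address(?: is)? ([0-9A-Fa-f.]{14})", line)
        if head:
            iface = head.group(1)
        elif addr and iface:
            owners[norm(addr.group(1))].append(iface)
    return dict(owners)

def classify(syslog, owners):
    # Count violations per (port, MAC) and attach any infrastructure interfaces owning that MAC.
    hits = defaultdict(lambda: {"count": 0, "owners": []})
    for line in syslog.splitlines():
        m = VIOLATION.search(line)
        if m:
            key = (m.group(2), norm(m.group(1)))
            hits[key]["count"] += 1
            hits[key]["owners"] = owners.get(key[1], [])
    return dict(hits)

if __name__ == "__main__":
    for (port, mac), info in classify(SYSLOG_6513, infra_macs(SHOW_INT_6509)).items():
        print(port, mac, info["count"], info["owners"] or "unknown device")
```

A violation whose MAC resolves to a switch or router interface points at a Layer 2 path problem rather than a device plugged into the access port, and repeat counts on one port show whether the event is recurring.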