Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
800
Views
0
Helpful
0
Replies

Strange Port Security Violation

Leslie Jones
Level 1
Level 1

‎11-20-2014 07:00 AM - edited ‎03-07-2019 09:35 PM

Hello all,

 

I'm having an issue with port security that I can't make any sense of. It's similar to this one here: https://supportforums.cisco.com/discussion/12279036/portsecurity-sp-2-psecureviolation but I didn't see a resolution or reference to a bug.

 

The problem is we have two 6500 switches port-channeled together, as noted in the PPT I have included. The 6509 is connected to the rest of the network by way of a patch panel and an encryption device. The card we are using to connect to the wan is a 7600-SIP-400 with a SPA-2X1GE-V2 module installed (ports G9/0/0 and G9/0/1). One port is used, the other port is shutdown.

The 6513 is acting as an access layer switch and is connected to the end user devices. One being a VOIP. All of our access ports have port security turned on. For some unknown reason the MAC from the SIP card on the 6509 showed up on the voice port of the 6513 and error disabled the port due to a security violation.

 

As far as I know this has happened twice in the past week but to the same voice port. This switch is highly populated. The guys at site say they have not touched anything on either switch.

 

Show logg on 6513:

%PORT_SECURITY_SP-2-PSECURE_VIOLATION: Security violation occurred,  caused by MAC address 0000.0000.0001 on port Fastethernet1/33.

%PM-SPSTBY-4-ERR_DISABLE: psecure-violation error detected on fa1/33, putting Fa1/33 in err-disable state

 

The logs on the 6509 show no indication of 9/0/0 going down and we are almost certain that 9/0/1 wasn't enabled and the voice port and connected to this for whatever reason. I say almost certain because we have a help desk that manages the network 24/7 and has the ability to make configuration changes. No one has mentioned making any changes.

 

Sh int 9/0/0 on 6509

GigabitEthernet9/0/0 is up, line protocol is up

hardware is GigEther SPA address 0000.0000.0001 (bia 0000.0000.0001)

 

9/0/1 is admin down but with same MAC as 9/0/0. I'm guessing this is the SIP either the SIP or SPA card MAC.

 

 

Port Fa1/33 config:

Switchport

switchport access vlan 3

switchport mode access

switchport  port-security

switchport  port-security mac-address sticky

switchport  port-security mac-address sticky 0000.0000.0002

duplex full

mls qos trust device cisco phone

mls qos trust dscp

Spanning portfast edge

 

Both switches running IOS version 12.2(33). Drawing is attached.

 

 

Labels:
Preview file
52 KB
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card