Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
856
Views
0
Helpful
1
Replies

UDP Storm

Ahmad Khalifa
Level 1
Level 1

‎12-28-2015 02:42 AM - edited ‎03-08-2019 03:13 AM

I have C2960 connect to company WAN via port fa0/24 i hve done some security configuration such as the following:

<<<<<

switchport access vlan 931
switchport mode access
switchport nonegotiate
switchport port-security maximum 9
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address 0017.a477.3c2e
switchport port-security mac-address 0017.a477.3c38
switchport port-security mac-address 0024.147a.c120
switchport port-security mac-address 1cc1.de06.5dec
switchport port-security mac-address d89d.6714.ab30
switchport port-security mac-address d89d.6714.ab31
switchport port-security mac-address d89d.6714.d718
switchport port-security mac-address d89d.6714.d719
switchport port-security mac-address d89d.6715.9dd0
ip access-group HQs_PI_EXT in
no cdp enable
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
spanning-tree guard root

>>>>

i can not put violation to shutdown due to always trigger because the UDP flood or storm and i keep getting messages on my syslog server says the following messages so please any idea and what is the reason 

  • (1224 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 2c27.d736.f205 on port FastEthernet0/24.
  • (1108 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 24be.0513.0b9c on port FastEthernet0/24.
  • (900 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 6c62.6d68.adf2 on port FastEthernet0/24.
  • (753 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address d8cb.8a62.3ffa on port FastEthernet0/24.
  • (722 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 3cd9.2b4d.2322 on port FastEthernet0/24.
  • (646 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 2c27.d736.fc22 on port FastEthernet0/24.
  • (641 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address d8cb.8a62.3e7a on port FastEthernet0/24.
  • (596 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 3cd9.2b4d.a4b6 on port FastEthernet0/24.
  • (578 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 3cd9.2b4b.2fe3 on port FastEthernet0/24.
  • (565 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 3cd9.2b50.9928 on port FastEthernet0/24.
  • (554 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 3cd9.2b52.9355 on port FastEthernet0/24.
  • (552 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 24be.0515.5498 on port FastEthernet0/24.
  • (545 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 3cd9.2b50.992d on port FastEthernet0/24.
  • (514 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 3cd9.2b4b.e50d on port FastEthernet0/24.
  • (501 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 3cd9.2b4d.a79a on port FastEthernet0/24.
  • (482 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 24be.0512.d7cb on port FastEthernet0/24.
  • (461 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 6c62.6d68.add4 on port FastEthernet0/24.
  • (422 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 3cd9.2b50.9931 on port FastEthernet0/24.
  • (418 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 3cd9.2b4d.2319 on port FastEthernet0/24.
  • (398 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.0af0.19b1 on port FastEthernet0/24.
  • (380 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 6c62.6d68.ae0b on port FastEthernet0/24.
  • (372 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 00c0.8b0b.1e0a on port FastEthernet0/24.
  • (368 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 24be.0515.4e20 on port FastEthernet0/24.
  • (334 times) %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0019.d19f.527d on port FastEthernet0/24.
Labels:
0 Helpful
1 Reply 1

AllertGen
Level 3
Level 3

‎12-28-2015 06:34 AM

Hello.

Because you used a command "switchport port-security maximum 9" you switch can deal only with first 9 MAC addresses that it got. And as I see by a commands bellow it already learned all 9 MAC addresses. But you WAN connection hsa more than 9 hosts and more than 9 MAC addresses from them. And because you have a "switchport port-security violation restrict" line you are getting all this messages about violation of the rule "not more than 9 MAC addresses".

You have 2 solutions:

1. Permit to learn more MAC addresses from a WAN.

2. Use a command "switchport port-security violation protect" instead of "restrict". At this way it will continue to drop traffic from not learning MAC addresses but switch will not inform you about this (But keep in mind this line for a troubleshooting in the future).

Best Regards.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card