Phantom Port-Security Errors?

May 14th, 2008

Hello All,

I'm curious if anyone who has enabled port-security has experienced this issue. I've enabled port-security on some distribution switches. Two of those switches are connected for redundancy. On a few occasions, I have seen port-security errors crop up on those switches that don't make sense. For example, I've seen a violation error come up on both of those switches, at the same time, for a device that is actually plugged into an access switch's port. I know for sure that the violating device wasn't plugged into these two distribution ports simultaneously. I also know for sure that the device was never moved off of the access switch. So why would the distribution switches report a violation? Could this be because of some STP change? Bug? Something else?

Any input would be appreciated.


aghaznavi Tue, 05/20/2008 - 05:52

If you are using restrict mode then a trap will be sent each time the address is seen. So as long as the device is connected the messages will continue to appear.

jeff.hardee Tue, 05/20/2008 - 06:39

True. But what if the violating device was never plugged into the switch's port? Why would I be seeing a MAC address on a port, causing port-security's violation mode to trigger, when the physical connection to that port hasn't changed? ARP table corruption? Flapping? If it was a consistent problem I'd have a better idea and more to offer. But I appreciate the input.

