switch port security violation error

Chennai NOC
Level 1

We have implemented switch port security for switches. These switches are managed by Cisco NAC CAM boxes, and the Cisco agent has been installed on the desktops which get connected to these switches. But no NAC process is implemented for these desktops. The issue I face is that the MAC address of one PC which is connected to one switch is learned on a port of a different switch, and it leads to a switch port security violation. It's so weird; I am not able to understand how the MAC address of a PC which is connected to a different switch is learned on the port of a totally different switch and leads to a switch port security violation. My desktop engineer says that the port goes continuously to error-disabled till he removes the Cisco Clean Access Agent from that desktop.

1 Reply

satish_zanjurne
Level 4

1. To isolate the problem, remove the Cisco Clean Access Agent from the desktop.

2. Remove the port security from this port.

3. Use "clear mac-address-table dynamic" on both switches.

4. Now check again whether the same MAC address is learning on both switches.

5. If it is still learning on the port of the switch where it is not supposed to learn, then shut that port.

6. Now see whether it is learning on both switches or it is learning on the actual switch.

7. If it is learning on the actual switch, then definitely the host connected on the other port on the switch has malicious activity going on. Check that host.

HTH..rate if helpful...
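
The comparison in steps 4 and 6 can be scripted, as an added example that is not part of the original thread: the Python below parses `show mac address-table` output saved from each switch and reports MAC addresses learned on edge ports of more than one switch. The switch names, the uplink port `Gi0/1` and the sample tables are constructed assumptions.

```python
import re
from collections import defaultdict

# Data rows of `show mac address-table`: VLAN, dotted-hex MAC, type, port.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$",
    re.IGNORECASE | re.MULTILINE)

def parse_mac_table(text):
    """Return (vlan, mac, entry_type, port) tuples from CLI output."""
    return [(int(v), mac.lower(), typ.upper(), port)
            for v, mac, typ, port in ROW.findall(text)]

def macs_on_multiple_switches(tables, uplinks):
    """tables: {switch: CLI output}; uplinks: {switch: inter-switch ports}."""
    # A MAC is expected on the uplink of every switch it is not attached to,
    # so only entries on non-uplink (edge) ports are compared.
    seen = defaultdict(set)  # (vlan, mac) -> {(switch, port), ...}
    for switch, text in tables.items():
        for vlan, mac, _typ, port in parse_mac_table(text):
            if port not in uplinks.get(switch, set()):
                seen[(vlan, mac)].add((switch, port))
    return {key: sorted(locs) for key, locs in seen.items()
            if len({sw for sw, _ in locs}) > 1}

# Constructed sample output (assumed values, not taken from the thread).
SW1 = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Fa0/5
  10    00aa.bbcc.dd01    DYNAMIC     Gi0/1
  10    00aa.bbcc.dd02    STATIC      Fa0/7
"""
SW2 = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Fa0/12
  10    00aa.bbcc.dd01    DYNAMIC     Fa0/3
  10    00aa.bbcc.dd02    DYNAMIC     Gi0/1
"""

if __name__ == "__main__":
    dupes = macs_on_multiple_switches({"sw1": SW1, "sw2": SW2},
                                      {"sw1": {"Gi0/1"}, "sw2": {"Gi0/1"}})
    for (vlan, mac), locs in dupes.items():
        print(f"VLAN {vlan} {mac} on edge ports: {locs}")
```

Running it before and after the port in step 5 is shut shows whether the duplicate entry disappears from the unexpected switch.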
