Port Security problem

Unanswered Question
Mar 27th, 2009

have port security configured with the following config on my 6513 running 122-33.SXH3a.

switchport

switchport access vlan 101

switchport mode access

switchport voice vlan 102

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

speed 100

duplex full

spanning-tree portfast

When I plug in a phone I start to see tons of errors like this

devicename 18395: Mar 27 15:38:55.661: %PORT_SECURITY-SPSTBY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0021.7059.6a82 on port GigabitEthernet2/36

This is the mac address of the pc which is connected to the phone but I don't understand why switch will report as a violation, I have tried using a different phone with the same error. Can someone point me what I could be doing wrong?

Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
nawas Fri, 03/27/2009 - 13:26

Yes and I also added

switchport port-security aging time 2

and still seeing errors.

Jon Marshall Fri, 03/27/2009 - 13:25

Nawaz

The PC will have a mac-address and so will the phone so you need to add to your port config

switchport port-security maximum 2

Jon

nawas Fri, 03/27/2009 - 13:29

John

It was typo in my previous message, I actually added

switchport port-security maximum 2

and I still see error

thotsaphon Fri, 03/27/2009 - 13:31

Nawaz,

Where is that MAC-Address comming from?

What about these command?

Try this first:

switchport port-security maximum 1 vlan access

switchport port-security maximum 1 vlan voice

Later:

switchport port-security maximum 2 vlan access

switchport port-security maximum 1 vlan voice

Toshi

Jon Marshall Fri, 03/27/2009 - 13:31

Nawaz

Okay. Looking through some previous posts there seems to be some debate about whether you need to make the number 2 or 3. Could you try -

switchport port-security maximum 3

and see if that makes any difference.

Jon

nawas Fri, 03/27/2009 - 13:41

I only have one voice and one data vlan in this switch so I don't think increasing max vlan will help. I changed the following line from restric to protect and the error went away but I really to use restrict if i can.

switchport port-security violation restrict

Edison Ortiz Fri, 03/27/2009 - 15:44

When using an IP Phone, you need to change your port-security to 3 as the IP Phone during its initial boot-up will be on the data Vlan (consuming a mac-address on that vlan). It will reboot again on the voice vlan hence you need:

2 data

1 voice

HTH,

__

Edison.

Actions

This Discussion