Port Security problem

Mar 27th, 2009

I have port security configured with the following config on my 6513 running 122-33.SXH3a.


switchport
switchport access vlan 101
switchport mode access
switchport voice vlan 102
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
speed 100
duplex full
spanning-tree portfast


When I plug in a phone I start to see tons of errors like this


devicename 18395: Mar 27 15:38:55.661: %PORT_SECURITY-SPSTBY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0021.7059.6a82 on port GigabitEthernet2/36

This is the MAC address of the PC which is connected to the phone, but I don't understand why the switch reports it as a violation. I have tried using a different phone with the same error. Can someone point out what I could be doing wrong?

Thanks.

thotsaphon Fri, 03/27/2009 - 13:23

Nawaz,

Did you connect a PC to the IP phone as well?


Toshi


nawas Fri, 03/27/2009 - 13:26

Yes and I also added

switchport port-security aging time 2

and still seeing errors.

Jon Marshall Fri, 03/27/2009 - 13:25

Nawaz


The PC will have a mac-address and so will the phone so you need to add to your port config


switchport port-security maximum 2


Jon

thotsaphon Fri, 03/27/2009 - 13:28

Jon,

How did you respond so fast?


5P!

Toshi

Jon Marshall Fri, 03/27/2009 - 13:32

Toshi


Not as fast as you though :-)


Jon

nawas Fri, 03/27/2009 - 13:29

John

It was a typo in my previous message; I actually added

switchport port-security maximum 2

and I still see the error.

thotsaphon Fri, 03/27/2009 - 13:31

Nawaz,


Where is that MAC address coming from?

What about these commands?

Try this first:

switchport port-security maximum 1 vlan access
switchport port-security maximum 1 vlan voice

Later:

switchport port-security maximum 2 vlan access
switchport port-security maximum 1 vlan voice

Toshi

Jon Marshall Fri, 03/27/2009 - 13:31

Nawaz


Okay. Looking through some previous posts there seems to be some debate about whether you need to make the number 2 or 3. Could you try -


switchport port-security maximum 3


and see if that makes any difference.


Jon

nawas Fri, 03/27/2009 - 13:41

I only have one voice and one data VLAN in this switch so I don't think increasing max vlan will help. I changed the following line from restrict to protect and the error went away, but I really want to use restrict if I can.

switchport port-security violation restrict

Edison Ortiz Fri, 03/27/2009 - 15:44

When using an IP Phone, you need to change your port-security to 3 as the IP Phone during its initial boot-up will be on the data Vlan (consuming a mac-address on that vlan). It will reboot again on the voice vlan hence you need:


2 data

1 voice


HTH,



Edison.
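
The counting in the last reply, worked through as an added example (not part of the original thread and not Cisco code): a simplified Python model of the port's secure address table, assuming one entry per MAC/VLAN pair and absolute aging. The phone MAC and the timeline are constructed; the PC MAC, VLAN numbers and aging time come from the posted config and log line.

```python
from dataclasses import dataclass, field

DATA_VLAN, VOICE_VLAN = 101, 102   # VLAN numbers from the posted config
PC = "0021.7059.6a82"              # PC MAC from the posted log line
PHONE = "0011.2233.4455"           # constructed phone MAC (assumption)

@dataclass
class SecurePort:
    """Simplified model: one secure entry per (MAC, VLAN), absolute aging."""
    maximum: int = 1               # port-security default when not configured
    aging_min: float = 2.0         # "aging time 2" from the posted config
    table: dict = field(default_factory=dict)       # (mac, vlan) -> learn time
    violations: list = field(default_factory=list)  # (time, mac, vlan)

    def frame(self, t, mac, vlan):
        """Process one frame at minute t; return True if it is forwarded."""
        # Absolute aging: drop entries learned aging_min or more minutes ago.
        self.table = {k: learned for k, learned in self.table.items()
                      if t - learned < self.aging_min}
        key = (mac, vlan)
        if key in self.table:
            return True
        if len(self.table) < self.maximum:
            self.table[key] = t
            return True
        self.violations.append((t, mac, vlan))  # "restrict": drop and log
        return False

# Constructed timeline in minutes, following the boot sequence described above.
TIMELINE = [
    (0.0, PHONE, DATA_VLAN),   # phone boots on the data VLAN
    (0.5, PHONE, VOICE_VLAN),  # phone restarts on the voice VLAN
    (1.0, PC, DATA_VLAN),      # PC behind the phone starts sending
    (1.5, PC, DATA_VLAN),
    (3.0, PC, DATA_VLAN),      # phone's data-VLAN entry has aged out by now
]

def violations_for(maximum):
    """Replay the timeline and return (minute, mac) for each violation."""
    port = SecurePort(maximum=maximum)
    for t, mac, vlan in TIMELINE:
        port.frame(t, mac, vlan)
    return [(t, mac) for t, mac, _ in port.violations]

if __name__ == "__main__":
    for n in (1, 2, 3):
        print(f"maximum {n}: {violations_for(n)}")
```

In this model a maximum of 2 still logs the PC's MAC as the violator until the phone's data-VLAN entry ages out, while a maximum of 3 logs nothing.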
