Port Security problem

nawas
Level 4

I have port security configured with the following config on my 6513 running 122-33.SXH3a.

    switchport
    switchport access vlan 101
    switchport mode access
    switchport voice vlan 102
    switchport port-security
    switchport port-security aging time 2
    switchport port-security violation restrict
    speed 100
    duplex full
    spanning-tree portfast

When I plug in a phone I start to see tons of errors like this:

devicename 18395: Mar 27 15:38:55.661: %PORT_SECURITY-SPSTBY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0021.7059.6a82 on port GigabitEthernet2/36

This is the MAC address of the PC which is connected to the phone, but I don't understand why the switch reports it as a violation. I have tried using a different phone with the same error. Can someone point out what I could be doing wrong?

Thanks.

10 Replies

Nawaz,

Did you connect a PC to the IP phone as well?

Toshi

Yes, and I also added

switchport port-security aging time 2

and I am still seeing errors.

Jon Marshall
Hall of Fame

Nawaz

The PC will have a MAC address and so will the phone, so you need to add to your port config:

switchport port-security maximum 2

Jon

Jon,

How did you respond so fast?

5P!

Toshi

Toshi

Not as fast as you though :-)

Jon

Jon

It was a typo in my previous message; I actually added

switchport port-security maximum 2

and I still see the error.

Nawaz,

Where is that MAC address coming from?

What about these commands?

Try this first:

    switchport port-security maximum 1 vlan access
    switchport port-security maximum 1 vlan voice

Later:

    switchport port-security maximum 2 vlan access
    switchport port-security maximum 1 vlan voice

Toshi

Nawaz

Okay. Looking through some previous posts there seems to be some debate about whether you need to make the number 2 or 3. Could you try -

switchport port-security maximum 3

and see if that makes any difference.

Jon

I only have one voice and one data VLAN in this switch, so I don't think increasing max vlan will help. I changed the following line from restrict to protect and the error went away, but I really want to use restrict if I can.

switchport port-security violation restrict

When using an IP phone, you need to change your port-security to 3, as the IP phone during its initial boot-up will be on the data VLAN (consuming a MAC address on that VLAN). It will reboot again on the voice VLAN, hence you need:

2 data

1 voice

HTH,

__

Edison.
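
The following is an added example, not part of any poster's reply and not Cisco code: a small Python script that groups PSECURE_VIOLATION messages, in the format quoted in the thread, by port and MAC address, so you can see how many distinct addresses trip a port before settling on a `maximum` value. Only the first sample log line comes from the thread; the other lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Message layout taken from the log line quoted in the thread. The facility may
# carry a processor tag such as SPSTBY, so that part is optional.
VIOLATION_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d+)?): "
    r"%PORT_SECURITY-(?:[A-Z0-9]+-)?2-PSECURE_VIOLATION: .*?"
    r"MAC address (?P<mac>(?:[0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4}) "
    r"on port (?P<port>\S+)"
)

def summarize_violations(lines):
    """Group violation messages as {port: {mac: {"count", "first", "last"}}}."""
    ports = defaultdict(dict)
    for line in lines:
        m = VIOLATION_RE.search(line)
        if not m:
            continue  # not a port-security violation message
        mac = m.group("mac").lower()  # normalise case so one MAC is one key
        entry = ports[m.group("port")].setdefault(
            mac, {"count": 0, "first": m.group("ts"), "last": m.group("ts")})
        entry["count"] += 1
        entry["last"] = m.group("ts")
    return dict(ports)

def report(lines):
    """Rows of (port, distinct MACs, MAC, count), noisiest MAC first per port."""
    rows = []
    for port, macs in sorted(summarize_violations(lines).items()):
        for mac, e in sorted(macs.items(), key=lambda kv: -kv[1]["count"]):
            rows.append((port, len(macs), mac, e["count"]))
    return rows

# Line 1 is the message from the thread; lines 2-4 are constructed samples.
SAMPLE_LOG = """\
devicename 18395: Mar 27 15:38:55.661: %PORT_SECURITY-SPSTBY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0021.7059.6a82 on port GigabitEthernet2/36
devicename 18396: Mar 27 15:38:57.102: %PORT_SECURITY-SPSTBY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0021.7059.6a82 on port GigabitEthernet2/36
devicename 18397: Mar 27 15:39:01.440: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5E00.5301 on port GigabitEthernet2/36
devicename 18398: Mar 27 15:39:02.000: %LINK-3-UPDOWN: Interface GigabitEthernet2/37, changed state to up
""".splitlines()

if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```

A port that keeps reporting the same one or two addresses, as in the thread, points at the configured maximum being lower than the number of devices behind the port rather than at an unknown host.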
