cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
978
Views
0
Helpful
3
Replies

Port Security (again)-Cisco 6513

nawas
Level 4
Level 4

Port security is giving me so much grief. I have allowed maximum of 2 mac addresses but for some reason I get several security violation syslog alerts throughout the day and these violations come from different mac addresses, while there is only one PC connected to this port Can someone explain me why would that happen and how do I avoid getting these alerts?

Here is my Port security configuration:

interface GigabitEthernet4/14

switchport

switchport access vlan 101

switchport mode access

switchport voice vlan 102

switchport port-security

switchport port-security maximum 2

switchport port-security aging time 2

switchport port-security violation restrict

speed 100

duplex full

spanning-tree portfast

Syslog message generated from device chicago-6513: May 8 16:05:34 chi-6513-10.mydomain.com 18804: May 8 16:05:32.192: %PORT_SECURITY-SP-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 5854.5330.3920 on port GigabitEthernet4/14.

Syslog message generated from device chi-6513-10: May 8 14:59:37 Chicago-6513.mydomain.com 18803: May 8 14:59:35.268: %PORT_SECURITY-SPSTBY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 5853.4430.3641 on port GigabitEthernet4/14.

Syslog message generated from device Chicago-6513: May 8 14:34:41 Chicago-6513.mydomain.com 18799: May 8 14:34:39.399: %PORT_SECURITY-SPSTBY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001a.4644.5854 on port GigabitEthernet4/14.

#show port-security interface gigabitEthernet 4/14

Port Security : Enabled

Port Status : Secure-up

Violation Mode : Restrict

Aging Time : 2 mins

Aging Type : Absolute

Maximum MAC Addresses : 2

Total MAC Addresses : 1

Configured MAC Addresses : 0

Sticky MAC Addresses : 0

Last Source Address : 001a.a04f.7763

Last Source Address VlanId : 101

Security Violation Count : 6

3 Replies 3

jfgobin01
Level 1
Level 1

What is connected to that port?

A desktop PC and I ensured that it doesn't have any VM Ware apps.

Those MAC addresses look totally bogus. Are there errors on the switchport?

I've seen errors in our environment during backups where we'd see random MAC addresse trigger port security. I think we looked into nic-level drivers and fixed some of the issues. Dell docking stations had some weird issues too, but that might have been a different situation.

Can you upgrade the NIC drivers? Verify it's not set for jumbo frames or something? Make sure you're not seeing errors otherwise?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco