05-11-2009 11:26 AM - last edited on 03-25-2019 04:06 PM by ciscomoderator
Port security is giving me so much grief. I have allowed a maximum of 2 MAC addresses, but for some reason I get several security violation syslog alerts throughout the day, and these violations come from different MAC addresses, while there is only one PC connected to this port. Can someone explain to me why that would happen and how I can avoid getting these alerts?
Here is my Port security configuration:
interface GigabitEthernet4/14
switchport
switchport access vlan 101
switchport mode access
switchport voice vlan 102
switchport port-security
switchport port-security maximum 2
switchport port-security aging time 2
switchport port-security violation restrict
speed 100
duplex full
spanning-tree portfast
Syslog message generated from device chicago-6513: May 8 16:05:34 chi-6513-10.mydomain.com 18804: May 8 16:05:32.192: %PORT_SECURITY-SP-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 5854.5330.3920 on port GigabitEthernet4/14.
Syslog message generated from device chi-6513-10: May 8 14:59:37 Chicago-6513.mydomain.com 18803: May 8 14:59:35.268: %PORT_SECURITY-SPSTBY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 5853.4430.3641 on port GigabitEthernet4/14.
Syslog message generated from device Chicago-6513: May 8 14:34:41 Chicago-6513.mydomain.com 18799: May 8 14:34:39.399: %PORT_SECURITY-SPSTBY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001a.4644.5854 on port GigabitEthernet4/14.
#show port-security interface gigabitEthernet 4/14
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 2 mins
Aging Type : Absolute
Maximum MAC Addresses : 2
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address : 001a.a04f.7763
Last Source Address VlanId : 101
Security Violation Count : 6
05-11-2009 11:28 AM
What is connected to that port?
05-11-2009 11:30 AM
A desktop PC, and I ensured that it doesn't have any VMware apps.
05-11-2009 01:58 PM
Those MAC addresses look totally bogus. Are there errors on the switchport?
I've seen errors in our environment during backups where we'd see random MAC addresses trigger port security. I think we looked into NIC-level drivers and fixed some of the issues. Dell docking stations had some weird issues too, but that might have been a different situation.
Can you upgrade the NIC drivers? Verify it's not set for jumbo frames or something? Make sure you're not seeing errors otherwise?
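A triage sketch added to this page, not code from any poster in the thread: it parses the PSECURE_VIOLATION messages quoted in the first post, groups them by port, and flags source MACs whose bytes are mostly printable ASCII or that have the group (multicast) bit set. The ASCII test and its threshold of 4 of 6 bytes are assumptions made here as a hint that frame data is being read as a source address; the function names are hypothetical.

```python
import re
from collections import defaultdict

# The three violation messages quoted in the first post (syslog relay prefix trimmed).
SAMPLE_LOG = """\
May 8 16:05:32.192: %PORT_SECURITY-SP-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 5854.5330.3920 on port GigabitEthernet4/14.
May 8 14:59:35.268: %PORT_SECURITY-SPSTBY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 5853.4430.3641 on port GigabitEthernet4/14.
May 8 14:34:39.399: %PORT_SECURITY-SPSTBY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001a.4644.5854 on port GigabitEthernet4/14.
"""

VIOLATION_RE = re.compile(
    r"%PORT_SECURITY-\w+-2-PSECURE_VIOLATION:.*?MAC address "
    r"((?:[0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4}) on port (\S+?)\.?\s*$"
)

def mac_bytes(mac):
    """Convert Cisco dotted notation (xxxx.xxxx.xxxx) to 6 raw bytes."""
    return bytes.fromhex(mac.replace(".", ""))

def as_text(raw):
    """Render bytes as ASCII, with '.' standing in for non-printable bytes."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in raw)

def classify(mac, ascii_threshold=4):
    """Return heuristic flags for a source MAC (threshold is an assumption)."""
    raw = mac_bytes(mac)
    flags = []
    if sum(0x20 <= b <= 0x7E for b in raw) >= ascii_threshold:
        flags.append("ascii-like")      # looks like text, not a vendor-assigned address
    if raw[0] & 0x01:
        flags.append("group-bit-set")   # a valid source address is never multicast
    return flags

def triage(log_text):
    """Map each port to a list of (mac, ascii rendering, flags) per violation."""
    by_port = defaultdict(list)
    for line in log_text.splitlines():
        m = VIOLATION_RE.search(line)
        if m:
            mac, port = m.group(1).lower(), m.group(2)
            by_port[port].append((mac, as_text(mac_bytes(mac)), classify(mac)))
    return dict(by_port)

if __name__ == "__main__":
    for port, hits in triage(SAMPLE_LOG).items():
        for mac, text, flags in hits:
            print(f"{port} {mac} {text!r} {','.join(flags) or 'no flags'}")
```

The flags are a prompt to check interface error counters and NIC drivers on the reported port, not proof of corruption: a legitimate MAC can contain four printable bytes by chance.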