Psecure violation in 2900 series switch

Dec 18th, 2009
Hi,

Could anyone please tell me the reason for the psecure violation?

I'm using a 2924 model switch with ver 12.0(s)wc17. How can I configure errdisable recovery commands in this switch?

In this switch the errdisable recovery option is available only for "udld" but not for "psecure violation". How can I rectify this psecure violation problem in a Cisco 2900 series switch?


regards,

rammi

rammi.malek Sun, 12/20/2009 - 09:47

Hi Ganesh,

Thank you for the info. I have the commands to configure errdisable recovery, but my problem is that the switch I'm using (cisco-2924) doesn't support the errdisable recovery command for "psecure violation" and "security reject". Could you please tell me how I can solve this problem?

Ganesh Hariharan Sun, 12/20/2009 - 23:07

Hi,


Upgrade the IOS to Cisco IOS Release 12.0(5)WC5 and then check !!


Also check out the link below to the Release Notes for the Catalyst 2900 XL and Catalyst 3500 XL Switches, Cisco IOS Release 12.0(5)WC17


http://www.cisco.com/en/US/docs/switches/lan/catalyst2900xl_3500xl/release12.0_5_wc17/ol256213.pdf


Hope that helps your query !!


Regards

Ganesh.H

rammi.malek Sat, 01/09/2010 - 22:16

I got IOS version 12.0(5)WC17 installed on the 2900 series switch. Would this version support configuring "PSECURE" commands?



regards,

rammi

Ganesh Hariharan Sun, 01/10/2010 - 23:06

Yes it should work !!


Regards

Ganesh.H

rammi.malek Mon, 01/11/2010 - 08:41

No yaar, I'm still unable to configure commands for psecure violation as there is no such option available. I can only configure such commands for the UDLD cause. Moreover, when the PSECURE VIOLATION occurred, I went through the syslog messages and I'm surprised to see that the MAC address which violated the port matches the MAC address of the PC connected to that port. It means that the MAC address allowed on that port is itself causing the violation. Why is it happening like this? How could the same MAC cause a violation?


I have configured port security in the following way:


switchport port security

switchport port security max 1

switchport port security violation shutdown


According to the above commands, the "max 1" in the second command binds one MAC address on the port, and the third command puts the port to "shut" if it encounters a different MAC address, but in my case the allowed MAC itself is causing the violation. Please help me.



regards,

rammi

Leo Laohoo Mon, 01/11/2010 - 13:51

It means that there can only be ONE MAC address this port will ever listen to or learn. And if there is bound to be more than one MAC address, the port will be shut down or put into error-disable.

Ganesh Hariharan Mon, 01/11/2010 - 23:30

Hi,


Just bind the MAC address to the interface and then check what happens.


Configure switchport port-security mac-address {MAC address} and see the result.


HTH

Regards

Ganesh.H

rammi.malek Fri, 01/15/2010 - 01:05

OK, I will try that command. One more doubt: does a Vista PC break port security? I mean, if a Vista PC is connected to a secured port, will that secured port allow that MAC or put the port to admin down? I'm asking this because one of my friends connected a Vista PC to a secured port without my knowledge and he is able to access the LAN on the secured port now. How could it happen?


regards,

rammi

Ganesh Hariharan Fri, 01/15/2010 - 01:18

It should not happen, as all switchport security works on a MAC basis, so whatever the source end is, you need to check the switchport security at the switch end to see why that PC got access after connecting to the switch.


HTH


Regards

Ganesh.H

krishnakumarr Sun, 01/17/2010 - 02:01

Hi,


By default, when any port security violation happens, the port automatically goes into the shutdown state.


Here are some examples for configuring port security:

Switch(config)# interface FastEthernet1/0/1
Switch(config-if)# switchport access vlan 21
Switch(config-if)# switchport mode access
Switch(config-if)# switchport voice vlan 22
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 20
Switch(config-if)# switchport port-security violation restrict
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0002
Switch(config-if)# switchport port-security mac-address 0000.0000.0003
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0001 vlan voice
Switch(config-if)# switchport port-security mac-address 0000.0000.0004 vlan voice
Switch(config-if)# switchport port-security maximum 10 vlan access
Switch(config-if)# switchport port-security maximum 10 vlan voice

regards

krishna kumar
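
An added example, not part of any post in this thread: a small Python audit that reads interface stanzas written in the `switchport port-security` syntax shown above and flags ports where port security is not enabled, where no MAC address is bound, or where the violation mode is not shutdown. The sample configuration and the function names are constructed for illustration; per-VLAN maximums are ignored.

```python
import re

# Constructed sample, not taken from any switch in this thread.
SAMPLE_CONFIG = """\
interface FastEthernet1/0/1
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
interface FastEthernet1/0/2
 switchport port-security maximum 20
 switchport port-security violation restrict
 switchport port-security mac-address 0000.0000.0003
"""

MAC = r"[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}"

def parse_port_security(config):
    # Returns {interface: settings}; defaults are maximum 1, violation shutdown.
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface (\S+)$", line)
        if m:
            cur = ports.setdefault(m.group(1), {
                "enabled": False, "maximum": 1, "violation": "shutdown", "macs": []})
            continue
        if cur is None or not line.startswith("switchport port-security"):
            continue
        rest = line[len("switchport port-security"):].strip()
        if rest == "":
            cur["enabled"] = True  # only the bare command turns the feature on
        elif (m := re.match(r"maximum (\d+)$", rest)):
            cur["maximum"] = int(m.group(1))
        elif (m := re.match(r"violation (\w+)$", rest)):
            cur["violation"] = m.group(1)
        elif (m := re.match(rf"mac-address (?:sticky )?({MAC})", rest)):
            cur["macs"].append(m.group(1).lower())
    return ports

def audit(config):
    findings = []
    for name, p in parse_port_security(config).items():
        if not p["enabled"]:
            findings.append((name, "port security not enabled"))
        elif not p["macs"]:
            findings.append((name, "no MAC bound; addresses are learned dynamically"))
        if p["violation"] != "shutdown":
            findings.append((name, "violation mode leaves the port up"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns a list of `(interface, finding)` pairs for the two sample ports.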

rammi.malek Thu, 01/21/2010 - 07:56

Hi all,

I would like to write the CCNA exam. Could anyone please guide me on how to prepare for it? I need the latest CCNA-640-802 dumps, previous question papers and free simulators. Please, please, please help me, yaar.


regards,

rammi

Ganesh Hariharan Fri, 01/22/2010 - 02:01

Hi Rammi,


It will be helpful, if your problem has been resolved, to mark this thread as resolved and rate the valuable posts, and to ask these types of questions in the certification forum.


Regards

Ganesh.H
