Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3424
Views
0
Helpful
5
Replies

port-security in IPPhone+PC switch ports and security-violation

jmfranco
Level 1
Level 1

‎06-23-2010 04:29 AM - edited ‎03-06-2019 11:43 AM

Hi.

We are testing port-security in Cat4510+Sup6E with ip phone switch ports (7911 ip phones).We are trying with the following configuration:

interface GigabitEthernet4/35
description Usuario
switchport access vlan 251
switchport mode access
switchport voice vlan 261
switchport port-security maximum 3
switchport port-security maximum 2 vlan access
switchport port-security maximum 1 vlan voice
switchport port-security
switchport port-security violation restrict
no logging event link-status
load-interval 60
no snmp trap link-status
spanning-tree portfast
spanning-tree bpduguard enable
service-policy output pm_trusted
vlan-range 251
   service-policy input pm_accesodat
vlan-range 261
   service-policy input pm_accesovoz

If we connect ip phone to switchport, ip phone works fine, but if we connect PC belonging to ip phone, a security-violation occurs and port is shutted down and Ip phone and PC doesn´t works. We have tried only with "switchport port-security maximum 3", and fixing maximum mac addres for voice and data vlans (1 and 2. but it doesn´t work. Taking a view to switch log when we connect pc to ip phone:

090543: Jun 23 13:08:52 CEST: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface Gi4/35, new MAC address (001c.c0e4.c9f4) is seen.
090544: Jun 23 13:08:52 CEST: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet4/35, new MAC address (001c.c0e4.c9f4) is seen.
090545: Jun 23 13:08:52 CEST: %PM-4-ERR_DISABLE: security-violation error detected on Gi4/35, putting Gi4/35 in err-disable state
090546: 147038: .Jun 23 13:08:52 CEST: %PM-4-ERR_DISABLE: STANDBY:security-violation error detected on Gi4/35, putting Gi4/35 in err-disable state

001c.c0e4.c9f4 is pc mac address.

Can you help us to troubleshoot what is happening?

Thanks

I think security-violation occurs because switc

1 person had this problem
Labels:
0 Helpful
5 Replies 5

saul alonso ramos
Level 1
Level 1

‎01-06-2014 07:22 AM

Hi jmfranco,

Did you get this to work? if so, could you tell me how to fix it?

I'm experiencing the same problem, phone and pc get authorized but the security violation error appear.

Thanks,

0 Helpful

Andrew Grech
Level 1
Level 1

‎06-09-2014 08:04 PM

Any one have an update on this?

0 Helpful

whiteside998
Level 1
Level 1
In response to Andrew Grech

‎06-09-2014 10:22 PM

Hi andrewgrech

wow 4 years old huh

 

taking a quick stab in the dark but may be there are no rules defined as to the mac addresses, i have not played with this often but imagine you need to either define the mac address that will be on the port or enable mac sticky to dynamically learn the addresses.

from there either have the coded or set some aging rules

 

but let me know if this helps at all :)

 

 

0 Helpful

Andrew Grech
Level 1
Level 1
In response to whiteside998

‎06-10-2014 04:53 PM

One was 5 months ago :D

Um so we we use dot1x then MAB on all ports and have dynamic vlan assignment.

The setting causing the issue was port security maximum 5

 

behavior see is on some ports when the PC is plugged into the phone it will go error disable. Number of MACs seen at any point was 3. Removing the maximum command fixed the issue.

0 Helpful

Andrew Grech
Level 1
Level 1
In response to Andrew Grech

‎06-11-2014 06:57 PM

In my-case this is bug CSCta36155

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card