multiple 2960x's reporting false psecure error

bschoenrock · ‎01-30-2014

This is the stack:

Switch Ports Model SW Version SW Image

------ ----- ----- ---------- ----------

* 1 52 WS-C2960X-48TD-L 15.0(2)EX4 C2960X-UNIVERSALK9-M

2 52 WS-C2960X-48TS-L 15.0(2)EX4 C2960X-UNIVERSALK9-M

3 52 WS-C2960X-48TS-L 15.0(2)EX4 C2960X-UNIVERSALK9-M

4 52 WS-C2960X-48TS-L 15.0(2)EX4 C2960X-UNIVERSALK9-M

5 52 WS-C2960X-48TS-L 15.0(2)EX4 C2960X-UNIVERSALK9-M

6 52 WS-C2960X-48TS-L 15.0(2)EX4 C2960X-UNIVERSALK9-M

7 52 WS-C2960X-48TD-L 15.0(2)EX4 C2960X-UNIVERSALK9-M

The sixth switch in the stack reported a psecure error a few weeks ago. We determined it was just a public library system on that port, without any VMs, hubs, etc. Further troubleshooting determined the port kept reporting a psecure error no matter what system was connected into it. We RMA'd the switch.

Yesterday, switch four in the stack reported the same problem and today a second interface on the same switch has started reporting the error. We have disabled both interfaces and moved the patch cables to other interfaces on the stack. Those systems are running fine in their new locations.

We only have the basic warranty on these switches so I am unable to open a TAC. Is anybody else aware of this issue? A search for a known bug turned up nothing.

Ankur Arora · ‎01-30-2014

Brian,

What is the exact error message?

Thanks

Ankur

bschoenrock · ‎01-31-2014

It is the normal port security violation error:

%PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Gi4/0/45 (RNSWB-0-4)

%PM-4-ERR_DISABLE: psecure-violation error detected on Gi4/0/45, putting Gi4/0/45 in err-disable state (RNSWB-0-4)

%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address b8ac.6fb1.226c on port GigabitEthernet4/0/45. (RNSWB-0-4)

Ankur Arora · ‎02-02-2014

Brian,

I don't think its a bug.

Did you check this mac address? This violation might be authentic.

I looked for bugs related to these errors but didn't get anyone matching exactly these.

Thanks

Ankur

bschoenrock · ‎02-04-2014

Once the error starts, it doesn't stop, no matter what system is connected to the interface. If we swap computers on the switch, the one that was generating the error operates without problem on another interface and the new system that was operating without any issue begins to generate errors on that interface.

The cable path was completely changed when the systems were swapped, as the change was made at the patch panel.

This isn't a legitimate error.

bschoenrock · ‎03-05-2014

This issue isn't going away. Today I am seeing seven different interfaces reporting psecure violations. On five of them I have increased the maximum MAC addresses allowed to two and they have settled down and are operational, yet they only report one MAC address. Here is an interface configuration:

interface GigabitEthernet5/0/5

switchport access vlan 170

switchport mode access

switchport nonegotiate

switchport port-security maximum 2

switchport port-security

The only new line is the maximum 2.

Everytime the violating MAC is the only operational MAC.

We are looking for other patterns to try to identify a client side issue, but I would really appreciate some insight into this.

catalin.vintu · ‎05-02-2014

Hi,

did you find a solution to your issue yet?

Thanks,

Catalin

bschoenrock · ‎05-02-2014

It appears that we have. We planned to roll back the IOS version but discovered a new version had just been released 15.0(2)EX5. So, even though this error isn't mentioned in the release notes, we upgraded the IOS. The problem has not occurred again since the upgrade.