01-30-2014 01:58 PM - edited 03-07-2019 05:55 PM
This is the stack:
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 52 WS-C2960X-48TD-L 15.0(2)EX4 C2960X-UNIVERSALK9-M
2 52 WS-C2960X-48TS-L 15.0(2)EX4 C2960X-UNIVERSALK9-M
3 52 WS-C2960X-48TS-L 15.0(2)EX4 C2960X-UNIVERSALK9-M
4 52 WS-C2960X-48TS-L 15.0(2)EX4 C2960X-UNIVERSALK9-M
5 52 WS-C2960X-48TS-L 15.0(2)EX4 C2960X-UNIVERSALK9-M
6 52 WS-C2960X-48TS-L 15.0(2)EX4 C2960X-UNIVERSALK9-M
7 52 WS-C2960X-48TD-L 15.0(2)EX4 C2960X-UNIVERSALK9-M
The sixth switch in the stack reported a psecure error a few weeks ago. We determined it was just a public library system on that port, without any VMs, hubs, etc. Further troubleshooting determined the port kept reporting a psecure error no matter what system was connected into it. We RMA'd the switch.
Yesterday, switch four in the stack reported the same problem and today a second interface on the same switch has started reporting the error. We have disabled both interfaces and moved the patch cables to other interfaces on the stack. Those systems are running fine in their new locations.
We only have the basic warranty on these switches so I am unable to open a TAC. Is anybody else aware of this issue? A search for a known bug turned up nothing.
01-30-2014 03:04 PM
Brian,
What is the exact error message?
Thanks
Ankur
01-31-2014 09:19 AM
It is the normal port security violation error:
%PM-4-ERR_RECOVER: Attempting to recover from psecure-violation err-disable state on Gi4/0/45 (RNSWB-0-4)
%PM-4-ERR_DISABLE: psecure-violation error detected on Gi4/0/45, putting Gi4/0/45 in err-disable state (RNSWB-0-4)
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address b8ac.6fb1.226c on port GigabitEthernet4/0/45. (RNSWB-0-4)
02-02-2014 12:25 PM
Brian,
I don't think its a bug.
Did you check this mac address? This violation might be authentic.
I looked for bugs related to these errors but didn't get anyone matching exactly these.
Thanks
Ankur
02-04-2014 07:16 AM
Once the error starts, it doesn't stop, no matter what system is connected to the interface. If we swap computers on the switch, the one that was generating the error operates without problem on another interface and the new system that was operating without any issue begins to generate errors on that interface.
The cable path was completely changed when the systems were swapped, as the change was made at the patch panel.
This isn't a legitimate error.
03-05-2014 10:06 AM
This issue isn't going away. Today I am seeing seven different interfaces reporting psecure violations. On five of them I have increased the maximum MAC addresses allowed to two and they have settled down and are operational, yet they only report one MAC address. Here is an interface configuration:
interface GigabitEthernet5/0/5
switchport access vlan 170
switchport mode access
switchport nonegotiate
switchport port-security maximum 2
switchport port-security
The only new line is the maximum 2.
Everytime the violating MAC is the only operational MAC.
We are looking for other patterns to try to identify a client side issue, but I would really appreciate some insight into this.
05-02-2014 09:45 AM
Hi,
did you find a solution to your issue yet?
Thanks,
Catalin
05-02-2014 09:59 AM
It appears that we have. We planned to roll back the IOS version but discovered a new version had just been released 15.0(2)EX5. So, even though this error isn't mentioned in the release notes, we upgraded the IOS. The problem has not occurred again since the upgrade.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide