Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Port security blowing up!

Good afternoon,

I have a weird problem that just popped yesterday. We run port security on all of our switches ports connected to servers, the mac addresses are hard-coded on each server interface. Yesterday 8-10 ports on 3 different switches were shut down for port security at the same time. When looking at the port status the last-src-addr and the secure-src-address were still the correctly configured mac. The boxes are 6500s running cat6000-sup2k9.8-5-6.bin. The ports are on different blades and the NICs are from different manufacturers.

I ended up having to clear port security on all of the ports and enabling them again. Everything was good yesterday afternoon but I experienced the same problem again this morning.

Anyone else experience this problem? Any fix action?

Thanks in advance for any assistance!


New Member

Re: Port security blowing up!

I am assuming, since they are servers, that the IP's are statically set (as well as duplex/speed), correct?

What are the functions of the servers affected? Do you run any kind of Virtual Machine on them? (vmware, ms, etc...). Do you manually apply windows updates (assuming they are MS boxes) or have auto-update turned off?

New Member

Re: Port security blowing up!

What messages do you see when you do "show log" in your switch?

You probably have port-security restriction set for "shutdown" upon port violation. Can you try "restrict" option. Also, what is the current mac-add limit set for each port?

When you said it happened again, were they the same ports that shutdown before? Are users hooking up unauthorized devices that you're aware of?

You might want to try out some of these commands:

no errdisable detect cause pagp-flap

no errdisable detect cause dtp-flap

no errdisable detect cause link-flap

no errdisable detect cause l2ptguard