
New Member

port-security in IPPhone+PC switch ports and security-violation

Hi.

We are testing port-security on a Cat4510+Sup6E with IP phone switch ports (7911 IP phones). We are trying the following configuration:

interface GigabitEthernet4/35
 description Usuario
 switchport access vlan 251
 switchport mode access
 switchport voice vlan 261
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security
 switchport port-security violation restrict
 no logging event link-status
 load-interval 60
 no snmp trap link-status
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy output pm_trusted
 vlan-range 251
  service-policy input pm_accesodat
 vlan-range 261
  service-policy input pm_accesovoz

If we connect the IP phone to the switch port, the IP phone works fine, but if we connect the PC attached to the IP phone, a security violation occurs, the port is shut down, and neither the IP phone nor the PC works. We have tried with only "switchport port-security maximum 3", and with fixing the maximum MAC addresses for the voice and data VLANs (1 and 2), but it doesn't work. Looking at the switch log when we connect the PC to the IP phone:

090543: Jun 23 13:08:52 CEST: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface Gi4/35, new MAC address (001c.c0e4.c9f4) is seen.
090544: Jun 23 13:08:52 CEST: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet4/35, new MAC address (001c.c0e4.c9f4) is seen.
090545: Jun 23 13:08:52 CEST: %PM-4-ERR_DISABLE: security-violation error detected on Gi4/35, putting Gi4/35 in err-disable state
090546: 147038: .Jun 23 13:08:52 CEST: %PM-4-ERR_DISABLE: STANDBY:security-violation error detected on Gi4/35, putting Gi4/35 in err-disable state

001c.c0e4.c9f4 is the PC's MAC address.

Can you help us to troubleshoot what is happening?

Thanks

I think security-violation occurs because switc

5 REPLIES
New Member

Hi jmfranco,

Did you get this to work? If so, could you tell me how to fix it?

I'm experiencing the same problem: phone and PC get authorized but the security violation error appears.

Thanks,

New Member

Anyone have an update on this?

New Member

Hi andrewgrech

Wow, 4 years old, huh.

Taking a quick stab in the dark, but maybe there are no rules defined as to the MAC addresses. I have not played with this often, but I imagine you need to either define the MAC address that will be on the port or enable mac sticky to dynamically learn the addresses.

From there either have the coded or set some aging rules.

But let me know if this helps at all :)


New Member

One was 5 months ago :D

Um, so we use dot1x then MAB on all ports and have dynamic VLAN assignment.

The setting causing the issue was port security maximum 5.

The behavior seen is that on some ports, when the PC is plugged into the phone, it will go error disable. The number of MACs seen at any point was 3. Removing the maximum command fixed the issue.

New Member

In my case this is bug CSCta36155
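
Added example, not part of any poster's message and not Cisco code: a small parser for the syslog lines quoted in the first post, reporting per port which MAC triggered the violation and whether the port went err-disabled. It assumes that the short and long interface names (Gi4/35, GigabitEthernet4/35) logged at the same timestamp describe one event, and that the STANDBY: line is the standby supervisor's copy; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the first post in this thread.
SAMPLE_LOG = """\
090543: Jun 23 13:08:52 CEST: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface Gi4/35, new MAC address (001c.c0e4.c9f4) is seen.
090544: Jun 23 13:08:52 CEST: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet4/35, new MAC address (001c.c0e4.c9f4) is seen.
090545: Jun 23 13:08:52 CEST: %PM-4-ERR_DISABLE: security-violation error detected on Gi4/35, putting Gi4/35 in err-disable state
090546: 147038: .Jun 23 13:08:52 CEST: %PM-4-ERR_DISABLE: STANDBY:security-violation error detected on Gi4/35, putting Gi4/35 in err-disable state
"""

TS = re.compile(r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}")
VIOLATION = re.compile(
    r"%AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface "
    r"(?P<intf>[^\s,]+), new MAC address \((?P<mac>[0-9a-fA-F.]{14})\)")
ERR_DISABLE = re.compile(
    r"%PM-4-ERR_DISABLE: (?:STANDBY:)?security-violation error "
    r"detected on (?P<intf>[^\s,]+)")
# Long-to-short prefixes so both spellings of a port land in one bucket.
SHORT = {"TenGigabitEthernet": "Te", "GigabitEthernet": "Gi", "FastEthernet": "Fa"}

def short_name(intf):
    """Normalize an interface name to its short form (Gi4/35)."""
    for long_prefix, short_prefix in SHORT.items():
        if intf.startswith(long_prefix):
            return short_prefix + intf[len(long_prefix):]
    return intf

def summarize(log_text):
    """Return {port: {"macs": set, "events": set, "err_disabled": bool}}."""
    ports = defaultdict(lambda: {"macs": set(), "events": set(), "err_disabled": False})
    for line in log_text.splitlines():
        ts = TS.search(line)
        when = ts.group(0) if ts else None
        m = VIOLATION.search(line)
        if m:
            port = ports[short_name(m["intf"])]
            mac = m["mac"].lower()
            port["macs"].add(mac)
            port["events"].add((when, mac))  # de-duplicates repeated lines
            continue
        m = ERR_DISABLE.search(line)
        if m:
            ports[short_name(m["intf"])]["err_disabled"] = True
    return dict(ports)

if __name__ == "__main__":
    for intf, info in summarize(SAMPLE_LOG).items():
        print(intf, sorted(info["macs"]), len(info["events"]), info["err_disabled"])
```
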
