03-27-2009 01:12 PM - last edited on 03-25-2019 04:05 PM by ciscomoderator
have port security configured with the following config on my 6513 running 122-33.SXH3a.
switchport
switchport access vlan 101
switchport mode access
switchport voice vlan 102
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
speed 100
duplex full
spanning-tree portfast
When I plug in a phone I start to see tons of errors like this
devicename 18395: Mar 27 15:38:55.661: %PORT_SECURITY-SPSTBY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0021.7059.6a82 on port GigabitEthernet2/36
This is the mac address of the pc which is connected to the phone but I don't understand why switch will report as a violation, I have tried using a different phone with the same error. Can someone point me what I could be doing wrong?
Thanks.
03-27-2009 01:23 PM
Nawaz,
Did you connect PC at the ip phone as well?
Toshi
03-27-2009 01:26 PM
Yes and I also added
switchport port-security aging time 2
and still seeing errors.
03-27-2009 01:25 PM
Nawaz
The PC will have a mac-address and so will the phone so you need to add to your port config
switchport port-security maximum 2
Jon
03-27-2009 01:28 PM
Jon,
How did you response so fast?
5P!
Toshi
03-27-2009 01:32 PM
Toshi
Not as fast as you though :-)
Jon
03-27-2009 01:29 PM
John
It was typo in my previous message, I actually added
switchport port-security maximum 2
and I still see error
03-27-2009 01:31 PM
Nawaz,
Where is that MAC-Address comming from?
What about these command?
Try this first:
switchport port-security maximum 1 vlan access
switchport port-security maximum 1 vlan voice
Later:
switchport port-security maximum 2 vlan access
switchport port-security maximum 1 vlan voice
Toshi
03-27-2009 01:31 PM
Nawaz
Okay. Looking through some previous posts there seems to be some debate about whether you need to make the number 2 or 3. Could you try -
switchport port-security maximum 3
and see if that makes any difference.
Jon
03-27-2009 01:41 PM
I only have one voice and one data vlan in this switch so I don't think increasing max vlan will help. I changed the following line from restric to protect and the error went away but I really to use restrict if i can.
switchport port-security violation restrict
03-27-2009 03:44 PM
When using an IP Phone, you need to change your port-security to 3 as the IP Phone during its initial boot-up will be on the data Vlan (consuming a mac-address on that vlan). It will reboot again on the voice vlan hence you need:
2 data
1 voice
HTH,
__
Edison.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide