Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Port Security problem

have port security configured with the following config on my 6513 running 122-33.SXH3a.

switchport

switchport access vlan 101

switchport mode access

switchport voice vlan 102

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

speed 100

duplex full

spanning-tree portfast

When I plug in a phone I start to see tons of errors like this

devicename 18395: Mar 27 15:38:55.661: %PORT_SECURITY-SPSTBY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0021.7059.6a82 on port GigabitEthernet2/36

This is the mac address of the pc which is connected to the phone but I don't understand why switch will report as a violation, I have tried using a different phone with the same error. Can someone point me what I could be doing wrong?

Thanks.

10 REPLIES

Re: Port Security problem

Nawaz,

Did you connect PC at the ip phone as well?

Toshi

Community Member

Re: Port Security problem

Yes and I also added

switchport port-security aging time 2

and still seeing errors.

Hall of Fame Super Blue

Re: Port Security problem

Nawaz

The PC will have a mac-address and so will the phone so you need to add to your port config

switchport port-security maximum 2

Jon

Re: Port Security problem

Jon,

How did you response so fast?

5P!

Toshi

Hall of Fame Super Blue

Re: Port Security problem

Toshi

Not as fast as you though :-)

Jon

Community Member

Re: Port Security problem

John

It was typo in my previous message, I actually added

switchport port-security maximum 2

and I still see error

Re: Port Security problem

Nawaz,

Where is that MAC-Address comming from?

What about these command?

Try this first:

switchport port-security maximum 1 vlan access

switchport port-security maximum 1 vlan voice

Later:

switchport port-security maximum 2 vlan access

switchport port-security maximum 1 vlan voice

Toshi

Hall of Fame Super Blue

Re: Port Security problem

Nawaz

Okay. Looking through some previous posts there seems to be some debate about whether you need to make the number 2 or 3. Could you try -

switchport port-security maximum 3

and see if that makes any difference.

Jon

Community Member

Re: Port Security problem

I only have one voice and one data vlan in this switch so I don't think increasing max vlan will help. I changed the following line from restric to protect and the error went away but I really to use restrict if i can.

switchport port-security violation restrict

Hall of Fame Super Bronze

Re: Port Security problem

When using an IP Phone, you need to change your port-security to 3 as the IP Phone during its initial boot-up will be on the data Vlan (consuming a mac-address on that vlan). It will reboot again on the voice vlan hence you need:

2 data

1 voice

HTH,

__

Edison.

240
Views
5
Helpful
10
Replies
CreatePlease to create content