We are experiencing port security violations from the one lappy mac-addresses. Please review the technical information below and let me know if you have any insight.
switchport access vlan 100
switchport mode access
switchport voice vlan 500
switchport port-security maximum 4
switchport port-security aging time 1
switchport port-security violation restrict
switchport port-security aging type inactivity
ip arp inspection limit rate 150
spanning-tree portfast edge
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan all
Mar 14 14:25:46: PORT_SECURITY-SP-2-PSECURE_VIOLATION Security violation occurred, caused by MAC address 422f.00a5.01ce on port FastEthernet1/2
Hopus#sh mac-address-table static | inc 0422f
* 3 422f.00a5.01ce static Yes - Gi1/1 >> Uplink port.
Hence I am not able to use this machine anymore on my switch. ( As soon as I connect the laptop to port f1/2 or any other port i get the above error msg) also I dont have any static or sticky configuration on my switch. Its simple config it should work.
I already tried shut/no shut of the port f1/2 but that didnt help. So only way to remove the mac from arp?
If anyone can provide me the valid reason for this behaviour that would be appriciated.
Provide the following outputs:
#show port-security address
#show port-security int f1/2
#show port-security int g1/1
why would we recieve a packet from an access port with default gateway's MAC address as the source address?
may i know what is this device? like, laptop? with docking station? etc..
Yes thats the reason I open this thread. I am working on this for a long period and quite disturb with the way the device is behaving .
Here is te info you want:
Device is Cisco 6509 .
Fast 1/2 is connected to my workstation/laptop.
So I removed that laptop but still I see that its been seen on the Uplink port rather than getting removed.
Please let me know your opinion on this as i am struck with this.
thanks in advance.
when i asked about the device, i wanted to know more about the laptop.. i know of such behavior with lenova USB 3 docking station.
can we track this MAC address switch by switch to find where is this located?
If I remove the laptop and dont connect to any switch still I see the above behaviour.
thats the reason I am in shock. I agree if I connect to any other switch then we can say something out of it but if I remove the laptop and dont connect to any switch still i see that the mac address is stick to the uplink port.
i understand that. thats why i am asking. can you follow the port and try to find from where this MAC address is seen in the network when you disconnect the laptop?
This MAC doesnt seem to belong to any vendor as per www.coffer.com. so, it looks like the MAC was statically configured on 1 or more devices (possibly). try to track this MAC and see if you can find another end host.
I understand what you are trying to ask, I have done all those as I am in cisco network since couple of years now.
Okay here is my second testing i did:
I connected my laptop and removed it but still i see the mac address been seen from uplink port rather than getting flushed or removed when the laptop was removed.
Do you think any bug?
Could you please try reloading the switch once?
I have tested in my lab and it works fine as expected nothing sort of the behaviour you have mentioned above.
So, your access switch thinks it has seen the MAC address from the uplink. OK, so go to the switch on the other end of the G1/1 uplink, and try show mac addr addr 422f.00a5.01ce. Where has the uplink switch seen the MAC address? OK, so follow that port onto the next switch and do the show mac addr command again. Keep going till you find an edge port. Then you have found the culprit.
My question is, what does it mean if he finds the mac on a device from a different switch? Was this ever resolved? I'm having the same issue.