Cisco Support Community
New Member

Port security violation question

We have a number of Cisco 3560 switches which have port security set on them as follows:

switchport port-security maximum 3

switchport port-security

switchport port-security violation restrict

The ports would have a Cisco IPT phone and PC plugged into them.

We recently had an incident where the following error occurred on two ports on two separate switches, located on the same floor of the building.

PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address

This error kept coming up but only on two ports and with different MAC addresses which we traced as PCs coming from different floors of the building but in the same VLAN.

It looks like something may have been looped but BPDU Guard is set on these switches but did not shut the ports down.

It caused the core switches that connect to the above access switches to run with very high CPU usage, and caused very slow running on anyone connecting on the above VLAN. Other VLANS in the building were not affected.

Other than someone plugging an unauthorised hub into these switches, which we have discounted as no hub was found, what else could have caused this error?

  • LAN Switching and Routing
Cisco Employee

Port security violation question

Hello Phil,

That error message you have posted is truncated - it is not complete. The remainder that was not posted may contain vital information about the reason. Do you happen to have the entire log message?

Best regards,

Peter

Port security violation question

Hi Phil,

The fact that you see it on two different ports, and the violating MAC addresses are nowhere near this switch, means you are probably right in your conclusion that someone has looped the two ports through a non-STP switch or hub or maybe IP phone.  But you say you have BPDU guard on the two access ports, so one or other should have shut down.  So what could it be?

One possibility is that whatever has looped the two ports is passing traffic but filtering out the BPDUs.  That could happen, for example, if you have a malicious person who has taken a Cisco switch and put BPDU filter on two of its ports, and then used it to loop the two ports on your switch.

I presume you do not have BPDU filter on your own switch.  There was once a "best practices" document that recommended to do that but IMHO it is a real no-no.  BPDU filter effectively wipes out any protection you might have had from BPDU guard.  I only use BPDU filter when absolutely necessary for some corner-case.

Let us know how it works out.

Kevin DORRELL

CCIE #20765

Luxembourg

Port security violation question

Just another thought .... check that the user has not connected the two ports of the IP phone to two ports of your switch.

New Member

Re: Port security violation question

The error is caused by a port security violation: the port learned more than 3 MAC addresses. Have you checked, along with the IPT phone, which PC is connected, and whether any VM or virtual interfaces were configured and bridged with the PC's physical interface to get through to the network?

I have experienced such an instance in the past where users started Hyper-V or VM instances on their PCs and tried to access the LAN.

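Both hypotheses in the replies above (Kevin's loop through a device that passes traffic but filters BPDUs, and the last reply's extra MACs from a bridged VM or hub on a single port) leave a different footprint in the syslog stream, and with `violation restrict` the syslog stream is all you get: restrict mode drops frames from unknown source MACs, increments the violation counter and logs, but does not err-disable the port. The script below is an added example, not code from the original thread or from Cisco. It parses the full (untruncated) PSECURE_VIOLATION message and flags a port as loop-suspected when several of its violating MACs were also reported on another switch port within a short window, as in the original post, and as local-extra-hosts when the MACs are only ever seen there. The switch names, ports, MACs and timestamps are constructed sample data, and the "date time hostname" prefix is an assumed syslog relay format; adjust `LINE_RE` for your collector.

```python
"""Correlate Cisco PSECURE_VIOLATION syslog lines to separate a probable loop
(same MACs reported on two different switch ports at nearly the same time)
from extra hosts behind a single port (bridged VM, hub). Added example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not the poster's logs). The message body follows
# the IOS PSECURE_VIOLATION format; the leading "date time hostname" is an
# assumed syslog relay prefix. Hostnames, ports and MACs are made up.
SAMPLE_LOGS = """\
2010-03-02 09:14:01 sw-floor3-a %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.aa01 on port GigabitEthernet0/12.
2010-03-02 09:14:03 sw-floor3-b %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.aa01 on port GigabitEthernet0/7.
2010-03-02 09:14:05 sw-floor3-a %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.bb02 on port GigabitEthernet0/12.
2010-03-02 09:14:06 sw-floor3-b %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.bb02 on port GigabitEthernet0/7.
2010-03-02 09:14:09 sw-floor3-a %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.cc03 on port GigabitEthernet0/12.
2010-03-02 09:14:10 sw-floor3-b %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.cc03 on port GigabitEthernet0/7.
2010-03-02 10:30:00 sw-floor5-a %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 00aa.bbcc.dd04 on port GigabitEthernet0/3.
2010-03-02 10:30:02 sw-floor5-a %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 00aa.bbcc.dd05 on port GigabitEthernet0/3.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
    r"caused by MAC address (?P<mac>(?:[0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4}) "
    r"on port (?P<port>\S+?)\.?$"
)


def parse(text):
    """Turn raw syslog text into violation events; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "host": m["host"],
            "port": m["port"],
            "mac": m["mac"].lower(),
        })
    return events


def classify(events, window=timedelta(seconds=60), min_shared_macs=2):
    """Return {(host, port): {"verdict", "macs", "peers"}}.

    loop-suspected: at least min_shared_macs of this port's violating MACs were
        also reported on some other (host, port) within `window`. A single
        shared MAC can just be a laptop carried between desks, hence the threshold.
    local-extra-hosts: the MACs appear only on this port, consistent with a
        bridged VM, a hub, or more devices than the configured maximum.
    """
    by_mac = defaultdict(list)   # mac -> [(ts, (host, port))]
    per_port = defaultdict(set)  # (host, port) -> {mac}
    for e in events:
        loc = (e["host"], e["port"])
        by_mac[e["mac"]].append((e["ts"], loc))
        per_port[loc].add(e["mac"])

    # shared[loc][peer] = MACs seen on both loc and peer within the window
    shared = defaultdict(lambda: defaultdict(set))
    for mac, sightings in by_mac.items():
        sightings.sort(key=lambda s: s[0])
        for i, (t1, loc1) in enumerate(sightings):
            for t2, loc2 in sightings[i + 1:]:
                if t2 - t1 > window:
                    break  # sorted by time, nothing later can be within window
                if loc1 != loc2:
                    shared[loc1][loc2].add(mac)
                    shared[loc2][loc1].add(mac)

    report = {}
    for loc, macs in per_port.items():
        peers = sorted(p for p, m in shared[loc].items() if len(m) >= min_shared_macs)
        report[loc] = {
            "verdict": "loop-suspected" if peers else "local-extra-hosts",
            "macs": sorted(macs),
            "peers": peers,
        }
    return report


if __name__ == "__main__":
    for (host, port), info in sorted(classify(parse(SAMPLE_LOGS)).items()):
        print(f"{host} {port}: {info['verdict']} macs={info['macs']} peers={info['peers']}")
```

Run over the constructed sample, the two floor-3 ports are reported as loop-suspected with each other as peer (three MACs in common inside a few seconds, which is what the original post describes), while the floor-5 port, with two MACs that appear nowhere else, is reported as local-extra-hosts; the next step for a loop-suspected pair is to go and look at what is physically between those two ports, and for a local-extra-hosts port to check the PC for bridged virtual adapters.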
