We have a number of Cisco 3560 switches which have port security set on them as follows:
switchport port-security maximum 3
switchport port-security violation restrict
The ports would have a Cisco IPT phone and PC plugged into them.
We recently had an incident where the following error occurred on two ports on two separate switches, located on the same floor of the building.
PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address
This error kept coming up, but only on two ports and with different MAC addresses, which we traced to PCs on different floors of the building but in the same VLAN.
It looks like something may have been looped, but BPDU Guard is set on these switches and did not shut the ports down.
It caused the core switches that connect to the above access switches to run with very high CPU usage, and caused very slow running for anyone connecting on the above VLAN. Other VLANs in the building were not affected.
Other than someone plugging an unauthorised hub into these switches, which we have discounted as no hub was found, what else could have caused this error?
The fact that you see it on two different ports, and the violating MAC addresses are nowhere near this switch, means you are probably right in your conclusion that someone has looped the two ports through a non-STP switch or hub or maybe IP phone. But you say you have BPDU guard on the two access ports, so one or other should have shut down. So what could it be?
One possibility is that whatever has looped the two ports is passing traffic but filtering out the BPDUs. That could happen, for example, if you have a malicious person who has taken a Cisco switch and put BPDU filter on two of its ports, and then used it to loop the two ports on your switch.
I presume you do not have BPDU filter on your own switch. There was once a "best practices" document that recommended to do that but IMHO it is a real no-no. BPDU filter effectively wipes out any protection you might have had from BPDU guard. I only use BPDU filter when absolutely necessary for some corner-case.
The error is caused by a port security violation: the port learned more than 3 MAC addresses. Have you checked, along with the IPT phone, what PC is connected, and whether any VM or virtual interfaces were configured and bridged with the PC's physical interface to get through to the network?
I have experienced such an instance in the past where users started a Hyper-V or VM instance on a PC and tried to access the LAN.
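The two answers above point at two different causes for the same PSECURE_VIOLATION message: a loop feeding traffic from other floors into an access port, or a locally added device such as a bridged VM NIC. The script below is an added example (not part of the original thread or any Cisco tool) that triages a burst of these syslog lines by counting distinct violating MACs per switch port and checking whether those MACs are normally learned on a different switch. The syslog lines, hostnames, MAC addresses and the `MAC_HOME` table are constructed for the example; in practice `MAC_HOME` would be built from `show mac address-table` output collected from each access switch.

```python
"""Triage PSECURE_VIOLATION syslog bursts: loop versus a single extra device."""
import re
from collections import defaultdict

# Hostname prefix as written by the (assumed) syslog collector; the message body
# after '%PORT_SECURITY-2-PSECURE_VIOLATION' follows the IOS wording quoted in the question.
HOST_RE = re.compile(r"^(?P<host>[\w.-]+):")
VIOLATION_RE = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
    r"caused by MAC address (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) "
    r"on port (?P<port>\S+?)\.?$",
    re.IGNORECASE,
)

# Constructed sample syslog (hostnames, timestamps, MACs and ports are made up).
SAMPLE_SYSLOG = """\
sw-floor3-a: Mar 12 10:01:02.113: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.0001 on port GigabitEthernet0/12.
sw-floor3-a: Mar 12 10:01:02.901: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.0002 on port GigabitEthernet0/12.
sw-floor3-a: Mar 12 10:01:03.440: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.0003 on port GigabitEthernet0/12.
sw-floor3-a: Mar 12 10:01:03.445: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.0001 on port GigabitEthernet0/12.
sw-floor3-b: Mar 12 10:01:04.010: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.0004 on port GigabitEthernet0/7.
sw-floor3-b: Mar 12 10:01:04.320: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.0005 on port GigabitEthernet0/7.
sw-floor3-b: Mar 12 10:01:04.877: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.0001 on port GigabitEthernet0/7.
sw-floor5-a: Mar 12 10:03:40.002: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 00ee.ff00.0099 on port GigabitEthernet0/3.
sw-floor5-a: Mar 12 10:03:41.000: %LINK-3-UPDOWN: Interface GigabitEthernet0/3, changed state to up
"""

# Constructed: where each MAC is legitimately learned (from each switch's MAC table).
MAC_HOME = {
    "0011.2233.0001": "sw-floor1-a",
    "0011.2233.0002": "sw-floor1-a",
    "0011.2233.0003": "sw-floor2-b",
    "0011.2233.0004": "sw-floor2-b",
    "0011.2233.0005": "sw-floor1-a",
}


def parse_violations(syslog_text):
    """Return (host, port, mac) for every PSECURE_VIOLATION line; other messages are skipped."""
    found = []
    for line in syslog_text.splitlines():
        line = line.strip()
        m = VIOLATION_RE.search(line)
        if not m:
            continue
        h = HOST_RE.match(line)
        host = h.group("host") if h else "unknown"
        found.append((host, m.group("port"), m.group("mac").lower()))
    return found


def classify_ports(violations, mac_home, loop_threshold=3):
    """Group violations per (switch, port) and label the likely cause.

    Several distinct MACs that are homed on *other* switches arriving on one
    access port is consistent with a loop or hub injecting foreign traffic
    (the scenario in the question). One or two MACs with no other home are
    more consistent with a locally added device such as a bridged VM NIC.
    """
    per_port = defaultdict(set)
    for host, port, mac in violations:
        per_port[(host, port)].add(mac)

    report = {}
    for (host, port), macs in per_port.items():
        foreign = {m for m in macs if mac_home.get(m) not in (None, host)}
        if len(macs) >= loop_threshold and 2 * len(foreign) >= len(macs):
            verdict = "loop-suspect"
        elif len(macs) < loop_threshold:
            verdict = "extra-local-device"
        else:
            verdict = "investigate"  # many MACs but mostly unknown: e.g. a hub with new devices
        report[(host, port)] = {
            "distinct_macs": len(macs),
            "foreign_macs": sorted(foreign),
            "verdict": verdict,
        }
    return report


def print_report(report):
    for (host, port), info in sorted(report.items()):
        print(f"{host} {port}: {info['distinct_macs']} MACs, "
              f"{len(info['foreign_macs'])} homed elsewhere -> {info['verdict']}")


if __name__ == "__main__":
    print_report(classify_ports(parse_violations(SAMPLE_SYSLOG), MAC_HOME))
```

On the constructed sample, both third-floor ports are flagged as loop suspects because every violating MAC belongs to a first- or second-floor switch, while the fifth-floor port with a single unknown MAC is labelled as a probable extra local device. The threshold of 3 is an assumption matching the `maximum 3` setting in the question; adjust it to the port-security maximum in use.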