since we implemented port security a couple of years ago we have seen some odd behaivor on a few occasions, where a port will go err-disable for psecure-violation. when we go look at the source mac that caused the issue there is some garbage mac address like 0000.0000.0001 involved. just chalked this up to static or pfm as security cameras footage showed no physical access. however a couple of days ago we had a switch lock down 4 ports inside of a couple of seconds. logs show no access to the switch, physical security was also checked with no access shown. any idea what might cause something like this to happen ? We are running WS-C3560G-48PS switches on the 12.2(55)SE1 software.
I have attached logs
I think you will quickly see that existing mac addresses somehow became associated with the wrong ports on the switch, therby disabling those ports.
the log shows all activity for that day, I would have expected to see a port down for both ports involved if it were a physical move but that is not the case so somthingelse is at work here.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...