> Oct 30 11:33:06.458 UTC: PSECURE: Violation/duplicate detected upon
> receiving 0000.5e00.0103 on vlan 123: port_num_addrs 0 port_max_addrs
> 100 vlan_addr_ct 0: vlan_addr_max 100 total_addrs 853: max_total_addrs
> 3072
> Oct 30 11:33:06.458 UTC: PSECURE: psecure_add_addr_check: Found
> duplicate mac-address 0000.5e00.0103, It is already secured on Gi4/7
> Oct 30 11:33:06.458 UTC: PSECURE: psecure_add_addr_check: Security
> violation occurred, bring down the interface
> Oct 30 11:33:06.458 UTC: %PM-4-ERR_DISABLE: psecure-violation error
> detected on Fa5/2, putting Fa5/2 in err-disable state
>
> As I understand this "debug port-security" log, port-security on Gi4/7
> learned the MAC address 0000.5e00.0103 and then the same MAC address
> appeared in port Fa5/2 and port-security on Fa5/2 put the port Fa5/2
> into error-disabled state.
>
> Under which conditions does port-security consider a MAC flap as a
> security violation? I wasn't able to replicate this behavior in the lab.

Once a MAC address is "secured" (within the thresholds of a port with
port-security enabled), it must not appear on another port-security
enabled switchport.

It doesn't necessarily have to do with "MAC flapping". You should be able
to trigger this even by moving the MAC from one port to another.



Lukas

                                          
_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
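
The debug sequence quoted in this thread can be correlated mechanically to tell a duplicate-secure-MAC violation apart from other port-security shutdowns. The following is an added example, not part of the original thread: the regular expressions are built only from the four log lines in the post, and reading port_num_addrs / port_max_addrs as the port's current and maximum secure-address counts is an assumption based on the field names.

```python
import re
from dataclasses import dataclass

# The four debug lines from the post above, with e-mail line wrapping rejoined.
SAMPLE = """\
Oct 30 11:33:06.458 UTC: PSECURE: Violation/duplicate detected upon receiving 0000.5e00.0103 on vlan 123: port_num_addrs 0 port_max_addrs 100 vlan_addr_ct 0: vlan_addr_max 100 total_addrs 853: max_total_addrs 3072
Oct 30 11:33:06.458 UTC: PSECURE: psecure_add_addr_check: Found duplicate mac-address 0000.5e00.0103, It is already secured on Gi4/7
Oct 30 11:33:06.458 UTC: PSECURE: psecure_add_addr_check: Security violation occurred, bring down the interface
Oct 30 11:33:06.458 UTC: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa5/2, putting Fa5/2 in err-disable state
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
RX_RECV = re.compile(rf"PSECURE: Violation/duplicate detected upon receiving ({MAC}) "
                     r"on vlan (\d+): port_num_addrs (\d+) port_max_addrs (\d+)")
RX_DUP = re.compile(rf"Found duplicate mac-address ({MAC}), It is already secured on (\S+)")
RX_ERR = re.compile(r"%PM-4-ERR_DISABLE: psecure-violation error detected on (\S+),")

@dataclass
class Violation:
    mac: str
    vlan: int
    secured_on: str      # port already holding the MAC as secure ("" if none logged)
    disabled_port: str   # port that was put into err-disable
    under_limit: bool    # assumption: port_num_addrs < port_max_addrs, limit not reached
    cause: str

def classify(log):
    """Correlate PSECURE debug lines with the ERR_DISABLE event that follows them."""
    out, cur = [], None
    for line in log.splitlines():
        if m := RX_RECV.search(line):
            cur = dict(mac=m[1], vlan=int(m[2]), n=int(m[3]), mx=int(m[4]), on="")
        elif cur and (m := RX_DUP.search(line)) and m[1] == cur["mac"]:
            cur["on"] = m[2]
        elif cur and (m := RX_ERR.search(line)):
            cause = "duplicate-secure-mac" if cur["on"] else "other"
            out.append(Violation(cur["mac"], cur["vlan"], cur["on"], m[1],
                                 cur["n"] < cur["mx"], cause))
            cur = None
    return out

if __name__ == "__main__":
    for v in classify(SAMPLE):
        print(v)
```

For the log in this thread the result shows the port was well under its address limit when it was shut down, which matches the explanation that the trigger was the MAC already being secured on Gi4/7.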
