
Cisco 4506 802.1x Issues


cjebbs

Technical User
Oct 6, 2009
3
US
This same issue was posted in March 08 and I was wondering if anyone had found a resolution.

We have recently turned 802.1x on in our office environment. It appears to work very well, except anywhere from 1 to 3 times a day a MAC address which is plugged into one port shows up on another, effectively disabling the port with the following message:

<45>3740: Oct 14 13:23:33: %DOT1X-5-SECURITY_VIOLATION: Security violation on interface GigabitEthernet4/5, New MAC address xxx.xxx.xxx is seen
<45>3741: on the interface in Single Host mode
<44>3742: Oct 14 13:23:33: %PM-4-ERR_DISABLE: security-violation error detected on Gi4/5, putting Gi4/5 in err-disable state


The only way to resolve it is to shut the port and then re-enable.
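The two syslog lines quoted above are what a defender would tally across the day to find which ports and MACs keep tripping. As an added example (not code from the thread), a small Python parser that correlates the %DOT1X-5-SECURITY_VIOLATION and %PM-4-ERR_DISABLE messages per interface; the sample log is constructed, with a placeholder MAC, and the continuation line "on the interface in Single Host mode" is handled as the separate syslog record it is.

```python
import re
from collections import defaultdict

# Constructed sample: the message pair quoted in the thread (placeholder MAC),
# repeated once at a later time so the tally shows a repeat on the same port.
SAMPLE_LOG = """\
<45>3740: Oct 14 13:23:33: %DOT1X-5-SECURITY_VIOLATION: Security violation on interface GigabitEthernet4/5, New MAC address 0011.2233.4455 is seen
<45>3741: on the interface in Single Host mode
<44>3742: Oct 14 13:23:33: %PM-4-ERR_DISABLE: security-violation error detected on Gi4/5, putting Gi4/5 in err-disable state
<45>3790: Oct 14 15:01:10: %DOT1X-5-SECURITY_VIOLATION: Security violation on interface GigabitEthernet4/5, New MAC address 0011.2233.4455 is seen
<45>3791: on the interface in Single Host mode
<44>3792: Oct 14 15:01:10: %PM-4-ERR_DISABLE: security-violation error detected on Gi4/5, putting Gi4/5 in err-disable state
"""

VIOLATION_RE = re.compile(
    r"%DOT1X-5-SECURITY_VIOLATION: Security violation on interface (?P<intf>\S+), "
    r"New MAC address (?P<mac>[0-9a-fA-F.]+) is seen"
)
ERRDISABLE_RE = re.compile(r"%PM-4-ERR_DISABLE: security-violation error detected on (?P<intf>\S+),")
TIMESTAMP_RE = re.compile(r"^<\d+>\d+: (?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d):")

def short_intf(name):
    # The two messages name the port differently ("GigabitEthernet4/5" vs "Gi4/5"); use one key.
    return re.sub(r"^GigabitEthernet", "Gi", name)

def summarize(log_text):
    """Per-interface counts of violations and err-disable events, plus the MACs and times seen."""
    stats = defaultdict(lambda: {"violations": 0, "macs": set(), "err_disabled": 0, "times": []})
    for line in log_text.splitlines():
        m = VIOLATION_RE.search(line)
        if m:
            ts = TIMESTAMP_RE.match(line)
            key = short_intf(m.group("intf"))
            stats[key]["violations"] += 1
            stats[key]["macs"].add(m.group("mac").lower())
            stats[key]["times"].append(ts.group("ts") if ts else None)
            continue
        m = ERRDISABLE_RE.search(line)
        if m:
            stats[short_intf(m.group("intf"))]["err_disabled"] += 1
        # Continuation records ("on the interface in Single Host mode") carry no fields; skipped.
    return dict(stats)

def repeat_offenders(stats, threshold=2):
    """Interfaces that tripped at least `threshold` violations, with the MACs seen on them."""
    return {intf: sorted(s["macs"]) for intf, s in stats.items() if s["violations"] >= threshold}
```

Feed it the switch's syslog export for a day and the output lists the ports (and MACs) worth checking for shared hubs or duplicated addresses before raising the TAC case.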
 
You must have

switchport port-security max
or
switchport port-security mac sticky

Post a sh run int ge4/5

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
How does it show up on another port? Are these laptops or such moving around and plugging into different jacks?
 
The machines are not moving, in fact the biggest offender is a desktop. Basically, this desktop, which is an exception and plugged into a hub which is plugged into a port with no dot1x enabled, shows up on another port effectively shutting down the security enabled port. Here is the configuration of all dot1x ports.

interface GigabitEthernet3/1
switchport access vlan 47
switchport mode access
dot1x port-control auto
dot1x timeout quiet-period 5
dot1x timeout tx-period 5
dot1x guest-vlan 99
spanning-tree portfast
end

There are six identified systems, out of 128, which show up on other ports. I am searching the biggest offender for malware now but I have never seen a piece of malware act like this.
 
I've seen this on Nortel switches. Nasty. Cured with a firmware upgrade.

do a sh ver.
 
We had this on some core 6509s a year or two back. It was a pain in the rear as it would come and go. Before Cisco would do anything they wanted show commands during the issue, but it was tricky to catch. In the end a code upgrade fixed it.

LEEroy
MCNE6,CCNP,CWNA,CCSA,Project+
 
Yeah,
I was afraid of that. We are running 12.2(25). I am going to put in for cc for an upgrade this week. Strange, it hasn't happened yet today. I will track it and see if the upgrade resolves the problem.
 