Heading 6
!
interface GigabitEthernet1/0/9
description User Port
switchport access vlan 120
switchport mode access
switchport voice vlan 620
switchport port-security maximum 10
switchport port-security violation restrict
switchport port-security aging time 1440
switchport port-security
storm-control broadcast level 80.00 50.00
storm-control multicast level 80.00 50.00
storm-control action trap
spanning-tree portfast edge
ip dhcp snooping limit rate 10
!
We had an issue when you combine Port Security and IP Phones, ordinarily when you plug in a device into a PortSec enabled port, it learns the MAC and keeps it until it is either removed or an the configured aging timer expires, so if you move a device, the MAC is flushed and all is good. the mac moves to a different port.
If you have an IP Phone between the device and the port, the port never goes down if you unplug it from the phone, so the switch does not flush it, and it then sees the MAC appear on another port before the aging timer expires......whalla....port security violation.
May 8 13:06:13.151 AEST: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 34e6.d708.5413 on port GigabitEthernet2/0/28.
Resolution, set a short aging timer, or educate users.....or something else.....