DComTalk.com

I have one problem regarding WS-C6513 switch using CatOS command. I notice that the ports connect from the user to the module ports will keep on shutdown for no reason. The worse part is i have to unshut the port one by one. It really waste a lof of time.

Sometimes i receive some messages in the logging buffer as port-security violation followed by some mac address.

The problem is the desktop did not change any mac address. All the while, the desktop is connected to the IP Phone. It just happen that the port security keep on showing violation then shut the port.

The user side sometime connected to IP Phone. Then from the IP Phone, the cable are then link to the user Desktop.

When i go in to show the ErrDisable Reason for that port, nothing was shown for the status of the port. My errdisable-timeout interval is 300 seconds.

I have already enable arp-inspection, bpdu-guard, channel-misconfig, duplex-mismatch, udld and others inside the errdisable-timeout.

1) How to solve the problem so that the ports will auto unshut?

2) Is it because of the image version so i cannot used the auto unshut features or see the ErrDisable Reason? I am currently using cat6000-sup32pfc3k8.8-5-1.bin image.

3) Or is it a software bug for CatOS? I did not face any of this issue using Cisco IOS.

4) Is it because of the IP Phone? Currently, all IP Phone did not enable the PoE features. Or it is because of PoE?

5) Lastly, is it because of the commands that i put in?

set port security mod/port enable age 5 maximum 3 shutdown 0 unicast-flood enable violation restrict timer-type absolute

This is the only port security command that i have put in.

Ive seen similar issues with catos and ios.. sometimes its quite simply a compatibility issue with the NIC connected to that port. So much for open compatibility standards huh... Of coarse the vendor will blame cisco, cisco will blame the vendor, and nothing will get resolved in the end if you take that route of blame casting.

If you have identified the port is going into errDisable without there actually being a cause you are concerned about, you can simply discover which errDisable event occured in your syslogs that actually caused the shutdown trigger, and then disable that errDisable event trigger in the global configuration. It doesnt totally mitigate all the built in errDisable triggers, you can disable them one by one as you see fit. Now I don't recall the CatOS command to do this off the top of my head, but that should get you going in the right direction with the dreaded Cisco documentation hunt.

Thanks for your suggestion.

We have finally solved it by disable all the security features at CatOS.
I don't see these security useful at CatOS since it is intend for security purpose.

Instead it will cause the ports to go down if we plug the IP phones to most of the ports connected CatOS.