
OPERATIONAL DEFECT DATABASE
...

...
When port security is configured on a switch port, SNMP polling and the CLI return an incorrect status after the interface is error-disabled due to a security violation (a MAC address different from the configured MAC being learned).
The interface is error-disabled due to a security violation.
None.
[SNMP walk]
> snmpwalk CISCO-PORT-SECURITY-MIB::cpsIfPortSecurityStatus.= INTEGER: securedown(2)

In MIB file (CISCO-PORT-SECURITY-MIB), it says:

cpsIfPortSecurityStatus OBJECT-TYPE
    SYNTAX INTEGER { secureup(1), securedown(2), shutdown(3) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This object represents the operational status of the port security feature on an interface.
        secureup(1) - This indicates port security is operational.
        securedown(2) - This indicates port security is not operational. This happens when port security is configured to be enabled but could not be enabled due to certain reasons such as conflict with other features.
        shutdown(3) - This indicates that the port is shutdown due to port security violation when the object cpsIfViolationAction is of type 'shutdown'."

[CLI]
# show port-security interface eth
Port Status : Secure Down <<< NX-OS

#show port-security int Fa
Port Status : Secure-shutdown <<< IOS