Symptom
When port security is configured on a switch port, SNMP polling and the CLI return an incorrect status after the interface is error-disabled due to a security violation (a MAC address different from the configured MAC is learned).
Conditions
The interface is error-disabled due to a security violation.
Further Problem Description
[SNMP walk]
> snmpwalk
CISCO-PORT-SECURITY-MIB::cpsIfPortSecurityStatus.= INTEGER: securedown(2)
The MIB file (CISCO-PORT-SECURITY-MIB) says:
cpsIfPortSecurityStatus OBJECT-TYPE
    SYNTAX      INTEGER { secureup(1), securedown(2), shutdown(3) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object represents the operational status
        of the port security feature on an interface.

        secureup(1)   - This indicates port security
                        is operational.
        securedown(2) - This indicates port security is
                        not operational. This happens
                        when port security is configured
                        to be enabled but could not be
                        enabled due to certain reasons
                        such as conflict with other
                        features.
        shutdown(3)   - This indicates that the port is
                        shutdown due to port security
                        violation when the object
                        cpsIfViolationAction is of type
                        'shutdown'."
[CLI]
# show port-security interface eth
Port Status : Secure Down <<< NX-OS
#show port-security int Fa
Port Status : Secure-shutdown <<< IOS
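
A monitoring check that alerts only on shutdown(3) would miss the violation described above, because the affected device reports securedown(2) instead. The following is an added example, not part of the original bug note or any Cisco tooling: it parses snmpwalk output and marks a port for manual verification when the status is securedown(2) while cpsIfViolationAction is 'shutdown'. The ifIndex values and the sample walk are constructed, and the enum numbers shown for cpsIfViolationAction are an assumption; the code matches on the label only.

```python
import re

# Constructed sample snmpwalk output; ifIndex values 101-104 are made up.
SAMPLE_WALK = """\
CISCO-PORT-SECURITY-MIB::cpsIfPortSecurityStatus.101 = INTEGER: secureup(1)
CISCO-PORT-SECURITY-MIB::cpsIfPortSecurityStatus.102 = INTEGER: securedown(2)
CISCO-PORT-SECURITY-MIB::cpsIfPortSecurityStatus.103 = INTEGER: shutdown(3)
CISCO-PORT-SECURITY-MIB::cpsIfPortSecurityStatus.104 = INTEGER: securedown(2)
CISCO-PORT-SECURITY-MIB::cpsIfViolationAction.101 = INTEGER: shutdown(1)
CISCO-PORT-SECURITY-MIB::cpsIfViolationAction.102 = INTEGER: shutdown(1)
CISCO-PORT-SECURITY-MIB::cpsIfViolationAction.103 = INTEGER: shutdown(1)
CISCO-PORT-SECURITY-MIB::cpsIfViolationAction.104 = INTEGER: drop(3)
"""

LINE = re.compile(
    r"::(?P<obj>cpsIfPortSecurityStatus|cpsIfViolationAction)"
    r"\.(?P<idx>\d+)\s*=\s*INTEGER:\s*(?P<name>[A-Za-z]+)\(\d+\)"
)

def parse_walk(text):
    """Return {ifIndex: {object_name: enum_label}} from snmpwalk output."""
    ports = {}
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            ports.setdefault(int(m["idx"]), {})[m["obj"]] = m["name"].lower()
    return ports

def classify(ports):
    """Map each ifIndex to 'ok', 'violation', 'check' or 'not-operational'."""
    result = {}
    for idx, objs in sorted(ports.items()):
        status = objs.get("cpsIfPortSecurityStatus")
        if status is None:
            continue  # no status row for this index
        if status == "shutdown":
            result[idx] = "violation"  # MIB-documented violation state
        elif status == "securedown" and objs.get("cpsIfViolationAction") == "shutdown":
            # Ambiguous: a device with this symptom reports a violation this way.
            result[idx] = "check"
        elif status == "secureup":
            result[idx] = "ok"
        else:
            result[idx] = "not-operational"
    return result

if __name__ == "__main__":
    for idx, verdict in classify(parse_walk(SAMPLE_WALK)).items():
        print(idx, verdict)
```

Ports marked 'check' still need confirmation on the device, for example with the show port-security interface output shown above.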