1
Mitel MiVoice Business/MCD/3300 / Security Violation on switch due to Mitel Phone.
« on: June 26, 2017, 09:55:04 AM »
Has anyone encountered described situation?
Phone 5340 resets spontanious, below switch setting and error.
Switchport error contains multiple macaddresses
Customer uses ICE
SWITCH1#ses gi1/0/12
Interface: GigabitEthernet1/0/12
MAC Address: 0800.0f99.6e56
IP Address: 10.10.10.150
User-Name: 08-00-0F-99-6E-56
Status: Authz Success
Domain: VOICE
Oper host mode: multi-domain
Oper control dir: in
Authorized By: Authentication Server
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A8BAF0100004081B096F5E4
Acct Session ID: 0x0000BA29
Handle: 0xE30000DF
Runnable methods list:
Method State
mab Authc Success
dot1x Not run
Logs:
4/28/17
4:12:52.000 PM
Apr 28 16:12:52 10.10.10.10 <189>54237752: 24840909: .Apr 28 16:12:50.418 CEST: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface Gi1/0/12, new MAC address (0800.0f24.6e56)
is seen.AuditSessionID Unassigned
host = 10.10.10.10 source = /software/syslogdepot/incoming/sso_syslog
sourcetype = cisco:ios
4/14/17
3:02:35.000 PM
Apr 14 15:02:35 10.10.10.10 <189>54215392: 24818549: .Apr 14 15:02:33.488 CEST: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface Gi1/0/12, new MAC address (0800.0f28.6e56)
is seen.AuditSessionID Unassigned
host = 10.10.10.10
source = /software/syslogdepot/incoming/sso_syslog
sourcetype = cisco:ios
Phone 5340 resets spontanious, below switch setting and error.
Switchport error contains multiple macaddresses
Customer uses ICE
SWITCH1#ses gi1/0/12
Interface: GigabitEthernet1/0/12
MAC Address: 0800.0f99.6e56
IP Address: 10.10.10.150
User-Name: 08-00-0F-99-6E-56
Status: Authz Success
Domain: VOICE
Oper host mode: multi-domain
Oper control dir: in
Authorized By: Authentication Server
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A8BAF0100004081B096F5E4
Acct Session ID: 0x0000BA29
Handle: 0xE30000DF
Runnable methods list:
Method State
mab Authc Success
dot1x Not run
Logs:
4/28/17
4:12:52.000 PM
Apr 28 16:12:52 10.10.10.10 <189>54237752: 24840909: .Apr 28 16:12:50.418 CEST: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface Gi1/0/12, new MAC address (0800.0f24.6e56)
is seen.AuditSessionID Unassigned
host = 10.10.10.10 source = /software/syslogdepot/incoming/sso_syslog
sourcetype = cisco:ios
4/14/17
3:02:35.000 PM
Apr 14 15:02:35 10.10.10.10 <189>54215392: 24818549: .Apr 14 15:02:33.488 CEST: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface Gi1/0/12, new MAC address (0800.0f28.6e56)
is seen.AuditSessionID Unassigned
host = 10.10.10.10
source = /software/syslogdepot/incoming/sso_syslog
sourcetype = cisco:ios