Switchport security

Mar 7th, 2007

I have a 3560 with version 12.2.25SEE3 and I would like to set up switchport security on all the ports. I noticed that if I connect an IP phone to the switch, it detects the phone but not the computer connected to it. Is there a workaround? I would like to see all MAC addresses and set up a rule to block additional MACs.

diondohmen Wed, 03/07/2007 - 14:03

Hi there,

Did you already increase the port security maxcount to > 2? The default maxcount is 1, so this could be the reason why only your IP phone is working.

int fa0/x

switchport port-security maximum 2

Let me know if it worked.

dallascampbell32 Wed, 03/07/2007 - 16:40

I have increased the port-security max to 2. Could it be a VLAN issue? Also, if I wanted to set up access points on this switch, do I change the switchport setting to adjust for the clients connecting to the switch? What is different about the configuration for APs?

Amit Singh Wed, 03/07/2007 - 21:04
User Badges:
  • Cisco Employee,


For port-security with IP phones enabled, please set the MAX value to at least 3. I have observed during my labs that you need the max MAC count to be at least 3. When your IP phone is first detected on the port, its MAC address is registered in both the voice VLAN and the data VLAN. Your PC's MAC will always be registered in the data VLAN. For APs you have to set the max MAC count value to the number of clients you want to allow on the AP.

-amit singh
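
A port configuration along the lines discussed in this thread, as an added example that is not part of any poster's reply. The interface number and VLAN IDs 10 and 20 are assumed placeholders, and the maximum of 3 follows the value suggested in the reply above; the violation mode and sticky learning are choices made for this example.

```cisco
! Added example: access port with an IP phone and a PC behind it.
! Interface number and VLAN IDs are placeholders, not values from the thread.
configure terminal
interface FastEthernet0/1
 ! Port security is only accepted on a static access (or trunk) port;
 ! a port left in dynamic mode rejects the command.
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 ! Enable the feature first; the default maximum is 1 secure MAC.
 switchport port-security
 ! Phone MAC (which can be learned in both voice and data VLANs) plus the PC.
 switchport port-security maximum 3
 ! restrict: drop frames from extra MACs and log the violation
 ! (the default, shutdown, err-disables the whole port instead).
 switchport port-security violation restrict
 ! Keep learned addresses in the running config so they can be reviewed.
 switchport port-security mac-address sticky
end
! Review what was learned and whether any violations were counted.
show port-security interface FastEthernet0/1
show port-security address
```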

hkdisneyland Thu, 05/03/2007 - 19:52


I've tried configuring the MAX MAC value to 2 with an IP phone + PC connection, and it works fine. Will the configuration on that port matter? I mean configuring the port in trunk mode or access mode?

compcruncher Wed, 05/09/2007 - 00:57

Hi, IP phones and PCs are access devices; you can't configure the corresponding port as trunk. The AP port may be configured as trunk if the AP supports trunking of VLANs.

Amit Singh Wed, 05/09/2007 - 02:31

Hi Carsten,

I don't fully agree with you on this point. In older Layer 2 switches like the 2900XL and 3500XL, you had to configure the ports as TRUNK PORTS to connect the IP phones on the switchport. The IP phones used to work only with this configuration. But if you have newer switches like 3560s or 3750s, you don't have to configure the ports as trunk ports and have to configure the IP phone or PC to be a part of their access VLANs.

HTH. Please rate if it does.

-amit singh

compcruncher Wed, 05/09/2007 - 02:36

Thanks for your response. Since we don't as yet use IP phones, I'm not fully acquainted with all the interiors...

Amit Singh Wed, 05/09/2007 - 02:42

Carsten, no problems at all, just wanted to share some thoughts with you. Hope you will use it in future :)

BTW, go for Cisco IPT in your network, a great experience :-)

-amit singh

