Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1852
Views
0
Helpful
5
Replies

port-security with voice vlan "Sticky"

kfarrington
Level 3
Level 3

‎08-07-2007 05:29 AM - edited ‎03-14-2019 10:58 PM

Guys,

I have the following :

Why does the Cisco 7960 phone NOT put a sticky mac address automatically under the switchport, just the PC does?

It seems to work, but am not sure why.

Also, I dont require "maximum macs" to be set to 3 do I? Like when you use Avaya?

Many thx indeed,

Ken

!

interface FastEthernet1/0/10

description IP Phone with desktop connected

switchport access vlan 10

switchport mode access

switchport voice vlan 20

switchport port-security

switchport port-security maximum 2

switchport port-security mac-address sticky

switchport port-security mac-address sticky aaaa.bbbb.cccc

no ip address

duplex full

speed 100

priority-queue out

no mdix auto

switch#sh mac-address-table int fa 1/0/10

Mac Address Table

-------------------------------------------

Vlan Mac Address Type Ports

---- ----------- -------- -----

10 aaaa.bbbb.cccc STATIC Fa1/0/10

20 dddd.eeee.ffff STATIC Fa1/0/10

Total Mac Addresses for this criterion: 2

switch#

Labels:
0 Helpful
5 Replies 5

b.hsu
Level 5
Level 5

‎08-13-2007 05:59 AM

the normal procedure is to set max mac-address to 3 for port security

0 Helpful

kfarrington
Level 3
Level 3
In response to b.hsu

‎08-13-2007 06:06 AM

Hi there :)

Well I read this all the time, but my Cisco IPTs work with the setting of only two, and if I increase the maximum to 3, is this not creating a security hole?

Many thx for the reply and look forward to more comments :))

Thx

Ken

0 Helpful

e.huntley
Level 1
Level 1
In response to kfarrington

‎08-13-2007 06:52 AM

You have to do 3 because when the phone first boots up in goes into the default VLAN, not the voice VLAN. Once CDP kicks in, it goes into the voice VLAN

0 Helpful

kfarrington
Level 3
Level 3
In response to e.huntley

‎08-13-2007 06:56 AM

Umm. still a tad confused as all of my phones are working, as SecureDynamic and my PCs are SecureSticky, but I did configure the port-sec after the phone had been booted.

I think I will need to take a walk to where the phones are and power cycle the phone, to see if it breaks?

Will get back to you shortly :))

Cheers to all

Ken

0 Helpful

tgryting
Level 1
Level 1

‎11-14-2010 03:36 PM

Cisco Foundation Learning Guide pg 347 - "switchport port-security mac-address sticky" command cannot be used on ports where voice VLANs

are configured...(although the book does not elaborate as to why not...)

0 Helpful
Customers Also Viewed These Support Documents