Port-security black-holing PCs connected to an IP-Phone


We are running port-security on a 3750-48PS-S switch running C3750-ipbasek9-mz.122-25.SEE IOS and we are experiencing a strange problem. We have a data VLAN and a voice VLAN configured on each port; we then run port-security sticky on each port with a maximum of 2 MAC addresses. PCs are connected behind Cisco IP-Phones. This is our standard config and normally we have no problem. On this switch, though, as soon as we turn on port security all of the PCs are black-holed. You can't ping them or RDP to them, and from the user perspective they have no network access. The IP-Phones work fine and we show the MAC address from the phone and the PC as SecureSticky addresses. The switch never shows the ports down due to a port-security violation. As soon as I disable port-security the PCs are restored to traffic. I've included a sample of our port configs.




Found the problem... somehow the MAC address of the default-gateway router was entered/learned by one of the fast-ethernet ports and was written into the config as a sticky MAC address. So during the ARP process all the PCs were fooled into thinking the default gateway was on a local Ethernet port. Cleared the MAC address and everything is good now. Please close this thread.
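
The check below is an added example, not part of the original thread: it parses a saved running-config for sticky port-security entries and reports any port that has pinned the MAC of an infrastructure device such as the default gateway, the condition the reply above describes. The config excerpt, MAC addresses and function names are constructed for illustration; the gateway MAC is assumed to be supplied by the operator.

```python
import re
from collections import defaultdict

# Constructed sample running-config excerpt (not from the original thread).
SAMPLE_CONFIG = """\
interface FastEthernet1/0/1
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4401
 switchport port-security mac-address sticky 0011.2233.4402
!
interface FastEthernet1/0/2
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00AA.BBCC.DD01
 switchport port-security mac-address sticky 0011.2233.4403
!
interface GigabitEthernet1/0/1
 switchport mode trunk
"""

# Matches only sticky lines that carry an address, not the bare enable line.
STICKY = re.compile(r"^\s*switchport port-security mac-address sticky ([0-9A-Fa-f.:-]+)")

def normalize(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def sticky_macs(config):
    """Map each interface name to the sticky MACs saved under it."""
    ports, current = defaultdict(list), None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif current and (m := STICKY.match(line)):
            ports[current].append(normalize(m.group(1)))
    return dict(ports)

def misplaced_infrastructure_macs(config, infra_macs):
    """Return (interface, mac) pairs where an infrastructure MAC is pinned as sticky."""
    infra = {normalize(m) for m in infra_macs}
    return [(port, mac) for port, macs in sticky_macs(config).items()
            for mac in macs if mac in infra]

if __name__ == "__main__":
    # Assumed gateway MAC for the constructed sample.
    for port, mac in misplaced_infrastructure_macs(SAMPLE_CONFIG, ["00:aa:bb:cc:dd:01"]):
        print(f"{port}: sticky entry {mac} belongs to the gateway")
```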
