
Port-security black-holing PC's connected to an IP-Phone

cerp
Level 1

We are running port-security on a 3750-48PS-S switch running C3750-ipbasek9-mz.122-25.SEE IOS and we are experiencing a strange problem. We have a data VLAN and a voice VLAN configured on each port; we then run port-security sticky on each port with a maximum of 2 mac-addresses. PCs are connected behind Cisco IP-Phones. This is our standard config and normally we have no problem. On this switch, though, as soon as we turn on port security all of the PCs are black-holed. You can't ping them or RDP to them, and from the user perspective they have no network access. The IP-Phones work fine and we show the mac address from the phone and the PC as securesticky addresses. The switch never shows the ports down due to a port-security violation. As soon as I disable port-security the PCs are restored to traffic. I've included a sample of our port configs.

2 Replies

Edison Ortiz
Hall of Fame

Try these commands:

switchport port-security maximum 1 vlan voice

switchport port-security maximum 1 vlan access

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/command/reference/cli3.html#wp1948361

cerp
Level 1

Found the problem... somehow the mac-address of the default-gateway router was entered/learned by one of the fast-ethernet ports and was written into the config as a sticky mac-address. So during the ARP process all the PCs were fooled into thinking the default gateway was on a local ethernet port. Cleared the mac-address and everything is good now. Please close this thread.
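The root cause reported in the last reply, a router MAC saved as a sticky secure address on an access port, can be checked for in a saved running-config. The Python below is an added example, not part of the original thread: the sample config, interface names and MAC addresses are constructed, and the gateway MAC is assumed to be known in advance.

```python
import re

# Constructed sample running-config; interfaces and MACs are made up.
SAMPLE_CONFIG = """\
interface FastEthernet1/0/5
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455 vlan access
 switchport port-security mac-address sticky 0011.2233.6677 vlan voice
!
interface FastEthernet1/0/6
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00aa.bbcc.dd01
!
"""

# Matches only the per-address lines, not the bare "sticky" enable line.
STICKY_RE = re.compile(
    r"^\s*switchport port-security mac-address sticky ([0-9a-fA-F.:-]+)")

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def sticky_macs(config_text):
    """Yield (interface, mac) for every sticky secure address in the config."""
    interface = None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            interface = line.split(None, 1)[1].strip()
        elif interface and (m := STICKY_RE.match(line)):
            yield interface, normalize_mac(m.group(1))

def find_misplaced(config_text, infrastructure_macs):
    """Return [(interface, mac)] where a router/gateway MAC is pinned to a port."""
    watched = {normalize_mac(m) for m in infrastructure_macs}
    return [(i, m) for i, m in sticky_macs(config_text) if m in watched]

if __name__ == "__main__":
    # Assumed gateway MAC (constructed); in practice taken from the router itself.
    for port, mac in find_misplaced(SAMPLE_CONFIG, ["00:AA:BB:CC:DD:01"]):
        print(f"gateway MAC {mac} is a sticky secure address on {port}")
```

Any hit on an access port means the sticky entry should be cleared and the config re-saved, as the poster did.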
