Port-Security blocking on 1 mac

Unanswered Question
Apr 23rd, 2009

Hi,

This is my first attempt at adding port-security but it looks like it should work to me. i'm trying to set a port so that users can only put 1 device on the end...for phones, the phone itself and 1 pc on the end. An example of my port is as follows:

interface FastEthernet0/6

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 141

switchport port-security maximum 1 vlan access

switchport port-security maximum 1 vlan voice

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

no logging event link-status

storm-control broadcast level 20.00

storm-control multicast level 50.00

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree guard root

However, when a single user adds a single pc (or phone and pc) to these ports it goes into lockdown.

What am i missing?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
thanmad Thu, 04/23/2009 - 08:31

Is this because the phone starts in the "access" vlan for the first cdp packet when it powers up (poe/vlan)?

in that case would

switchport port-security maximum 2 vlan access

switchport port-security maximum 1 vlan voice

work?

Edison Ortiz Thu, 04/23/2009 - 09:01

Is this because the phone starts in the "access" vlan for the first cdp packet when it powers up (poe/vlan)?

Well said - that's the reason why you need to allow to MAC-Addresses in the data Vlan.

Yes, your example will work.

___

Edison.

Actions

This Discussion