cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
494
Views
0
Helpful
3
Replies

Port-Security blocking on 1 mac

thanmad
Level 1
Level 1

Hi,

This is my first attempt at adding port-security but it looks like it should work to me. i'm trying to set a port so that users can only put 1 device on the end...for phones, the phone itself and 1 pc on the end. An example of my port is as follows:

interface FastEthernet0/6

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 141

switchport port-security maximum 1 vlan access

switchport port-security maximum 1 vlan voice

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

no logging event link-status

storm-control broadcast level 20.00

storm-control multicast level 50.00

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree guard root

However, when a single user adds a single pc (or phone and pc) to these ports it goes into lockdown.

What am i missing?

3 Replies 3

dclark
Level 1
Level 1

Hi,

When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.

"switchport port-security maximum 2 vlan access"

Will work

Routing and Switching Forums: http://www.routerie.com

Security Forums: http://www.securityie.com

Voice Forums: http://www.voiceie.com

thanmad
Level 1
Level 1

Is this because the phone starts in the "access" vlan for the first cdp packet when it powers up (poe/vlan)?

in that case would

switchport port-security maximum 2 vlan access

switchport port-security maximum 1 vlan voice

work?

Is this because the phone starts in the "access" vlan for the first cdp packet when it powers up (poe/vlan)?

Well said - that's the reason why you need to allow to MAC-Addresses in the data Vlan.

Yes, your example will work.

___

Edison.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: