I am testing no cisco phone on 3750:
switchport access vlan 100
switchport mode access
switchport voice vlan 101
switchport port-security maximum 2
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust dscp
auto qos voip cisco-phone
macro description cisco-phone
spanning-tree bpduguard enable
service-policy input AutoQoS-Police-CiscoPhone
and found that "switchport port-security"
will drop the phone's dhcp discovery packets.
When phone first time power on, it can get ip address from dhcp server; but, when you log out from current phone number, and the phone start to get ip address from dhcp again, the switch will drop the dhcp discover packets which the phone used to communicate with dhcp server.
I tried to increase max number to 6 (switchport port-security maximum 2) but it is not useful.
I did show port-security int command, and there is only one mac address on the interface.
I have also checked the mac address, and I can not see any violated to the security rules.
Could any one advice me:
- what the cause ?
- how can I debug it?
- if possible to fix it without disable the port security?
Any comments will be appreciated
thanks in advance
Start with cleaning the config a bit, basically for QoS all you need is the mls qos trust DSCP and nothing else, as for port security it would be adviced to have the max no to 3 to avoid issues.
yes it is possible to fix without disabling port security but start with cleaning your config from srr queue adjustments, auto qos can be removed it is so buggy still. then let us know how it looks like.