Port-Security on 4500-6500

tavares.j · ‎12-04-2009

I was hoping to get some more info on port-security and how it should work.

Senario. We run a Data vlan and a Voice vlan. When adding Port-secuirty will this affect the voice vlan on the port? We are using Cisco IP phones and there are times we will need to swap the phones out with new ones. Will Port-secuirty affect the phones or just the devices plugged into the phones? Any help appreciated.

Example of our config,

Switchport mode access

Switchport access vlan 123

Switchport voice vlan 124

Spanning-tree portfast

What would be the best way to allow port security on just PC's so that the phones will not be affected?

Panos Kampanakis · ‎12-04-2009

From http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_example09186a0080722cdb.shtml I would suggest on top of your config to use

# Update the Voice VLAN value which should be
# different from data VLAN
# Recommended value for voice vlan should not be 1
switchport voice vlan $voice_vlan

# Enable port security limiting port to a 2 MAC
# addressess -- One for desktop on data vlan and
# one for phone on voice vlan
switchport port-security
switchport port-security maximum 2

# Ensure port-security age is greater than one minute
# and use inactivity timer
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity

I hope it helps.

PK