For many years we've had the following vlan and port security config on our 3560s:-
switchport access vlan 520
switchport mode access
switchport voice vlan 560
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security aging time 5
switchport port-security violation protect
switchport port-security aging type inactivity
This has worked great on 12.2(37)SE1, 12.2(40)SE and 12.2(46)SE. However since 12.2(50)SE, and I've tried all the versions since then, we have a problem with 7900 phones and ATA186s taking upwards of 20 minutes before they can get a valid IP number.
The problem on the newer IOSes seems to be related to the inactivity aging.
On the older IOS versions the mac address of the voice device appears on the voice vlan straight away.
On the newer IOS versions the mac address of the voice device appears on the DATA vlan and seems to be stuck there until the inactivity aging removes it. It then gets re-learned, sometimes on the voice vlan, and sometimes on the data vlan. If you're unlucky and it gets re-learned on the data vlan you've got to wait until the inactivity time ages the address out again. Repeat until the mac address eventually gets learned on the voice vlan.
Any ideas on how I can fix this problem, or if it's a known bug? I don't want to be stuck on 12.2(46)SE forever.