×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Cisco Switch - Allow VoIP Disable ACCESS

Answered Question
May 11th, 2012
User Badges:

We have a situation where some switchports are in a public area with Cisco IP Phones connected.  We want to disable the ACCESS VLAN but allow the VOICE.  Is it best practice to just remove the 'switchport mode access' command?                  

Correct Answer by Marvin Rhoads about 5 years 3 months ago

That's one good step along the way.


If you really want to lock it down further use port-security and restrict the allowed MAC address to the single phone connected on a given port. That will put the port into err-disable if anything else is even plugged into it.


Otherwise someone could put their machine up on the phone VLAN, give themselves a static IP that the phone they displaced had gotten via DHCP, and possibly navigate around your network that way.


More advanced solutions would be use of 802.1x and/or ISE but that requires investment in products and significant configuration steps.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Marvin Rhoads Fri, 05/11/2012 - 15:07
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

That's one good step along the way.


If you really want to lock it down further use port-security and restrict the allowed MAC address to the single phone connected on a given port. That will put the port into err-disable if anything else is even plugged into it.


Otherwise someone could put their machine up on the phone VLAN, give themselves a static IP that the phone they displaced had gotten via DHCP, and possibly navigate around your network that way.


More advanced solutions would be use of 802.1x and/or ISE but that requires investment in products and significant configuration steps.

Actions

This Discussion

Related Content