Does anybody know why port security must be configured to allow three MAC addresses when connected to a phone/workstation trunked port? I understand the phone has two MAC addresses and the workstation has one for a total of three but only two are showing as registered with the switch. If I drop the maximum MAC associations for the switchport down to two, the switchport goes into an err-disabled state. I guess my question is why does it require three if only two register? Thanks in advance.
Yes, you are right. You need 3 mac-addresses in the port-security maximum mac addresses. This is because the fact that when you connect your IP phone and the PC at the back of it to the switch port, the IP phones mac-address is registered to both voice vlan and data vlan. You PC gets registered to data vlan. When it comes up first on the switch, you might want to see " show mac-address table" on the switch.It will show you the same thing
HTH, please rate if it does.