Port Security and VOIP Phones

Answered Question
Jun 8th, 2006
User Badges:

Does anybody know why port security must be configured to allow three MAC addresses when connected to a phone/workstation trunked port? I understand the phone has two MAC addresses and the workstation has one for a total of three but only two are showing as registered with the switch. If I drop the maximum MAC associations for the switchport down to two, the switchport goes into an err-disabled state. I guess my question is why does it require three if only two register? Thanks in advance.


-Erik

Correct Answer by amit-singh about 11 years 2 months ago

Hi Erik,


Yes, you are right. You need 3 mac-addresses in the port-security maximum mac addresses. This is because the fact that when you connect your IP phone and the PC at the back of it to the switch port, the IP phones mac-address is registered to both voice vlan and data vlan. You PC gets registered to data vlan. When it comes up first on the switch, you might want to see " show mac-address table" on the switch.It will show you the same thing


HTH, please rate if it does.


-amit singh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
vladrac-ccna Thu, 06/08/2006 - 09:03
User Badges:
  • Silver, 250 points or more

there's no need to set 3.


In our network is set to 2


Vlad

Correct Answer
amit-singh Thu, 06/08/2006 - 09:11
User Badges:
  • Blue, 1500 points or more

Hi Erik,


Yes, you are right. You need 3 mac-addresses in the port-security maximum mac addresses. This is because the fact that when you connect your IP phone and the PC at the back of it to the switch port, the IP phones mac-address is registered to both voice vlan and data vlan. You PC gets registered to data vlan. When it comes up first on the switch, you might want to see " show mac-address table" on the switch.It will show you the same thing


HTH, please rate if it does.


-amit singh

Actions

This Discussion