Port security Interaction with Tandberg
Port security configured on 3750 with below configuration:-
switchport access vlan 81
switchport mode access
switchport voice vlan 2081
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 5
switchport port-security aging type inactivity
ip arp inspection limit rate 10
no logging event link-status
srr-queue bandwidth share 1 25 60 5
priority-queue out
no snmp trap link-status
mls qos vlan-based
no mdix auto
storm-control broadcast level 1.00
storm-control multicast level 15.00
storm-control action shutdown
storm-control action trap
ip dhcp snooping limit rate 10
Tandberg device set with Voice Vlan off.
The switch will always treat the Tandberg device in Voice vlan.As the tandberg is set with voice vlan off , the device wont work.This behaviour is only seen with Psec enabled on the port.Without Psec the switch will treat the Tandberg in data vlan.
The implementation of port-security assumes that any device advertising themselves as an IP Phone will move to the voice vlan when the voice vlan
information is being advertised.
In the situation with the tandberg CTS is advertising itself as an IP phone and is being send the voice vlan information via CDP.On the tandberg device there is an option explicitly configured that will make the tandberg device ignore the voice vlan information present in the CDP packets. Psec forces the mac address of the Tandberg device into Voice vlan since this a security feature. This as an expected behaviour with the Psec feature.