Cisco Support Community
Community Member

port-security with voice vlan "Sticky"


I have the following :

Why does the Cisco 7960 phone NOT put a sticky mac address automatically under the switchport, just the PC does?

It seems to work, but am not sure why.

Also, I dont require "maximum macs" to be set to 3 do I? Like when you use Avaya?

Many thx indeed,



interface FastEthernet1/0/10

description IP Phone with desktop connected

switchport access vlan 10

switchport mode access

switchport voice vlan 20

switchport port-security

switchport port-security maximum 2

switchport port-security mac-address sticky

switchport port-security mac-address sticky aaaa.bbbb.cccc

no ip address

duplex full

speed 100

priority-queue out

no mdix auto

switch#sh mac-address-table int fa 1/0/10

Mac Address Table


Vlan Mac Address Type Ports

---- ----------- -------- -----

10 aaaa.bbbb.cccc STATIC Fa1/0/10

20 dddd.eeee.ffff STATIC Fa1/0/10

Total Mac Addresses for this criterion: 2



Re: port-security with voice vlan "Sticky"

the normal procedure is to set max mac-address to 3 for port security

Community Member

Re: port-security with voice vlan "Sticky"

Hi there :)

Well I read this all the time, but my Cisco IPTs work with the setting of only two, and if I increase the maximum to 3, is this not creating a security hole?

Many thx for the reply and look forward to more comments :))



Community Member

Re: port-security with voice vlan "Sticky"

You have to do 3 because when the phone first boots up in goes into the default VLAN, not the voice VLAN. Once CDP kicks in, it goes into the voice VLAN

Community Member

Re: port-security with voice vlan "Sticky"

Umm. still a tad confused as all of my phones are working, as SecureDynamic and my PCs are SecureSticky, but I did configure the port-sec after the phone had been booted.

I think I will need to take a walk to where the phones are and power cycle the phone, to see if it breaks?

Will get back to you shortly :))

Cheers to all


Community Member

Re: port-security with voice vlan "Sticky"

Cisco Foundation Learning Guide pg 347 - "switchport port-security mac-address sticky" command cannot be used on ports where voice VLANs

are configured...(although the book does not elaborate as to why not...)

CreatePlease to create content