Just as a test can you remove the port security from an interface.
! int g1/0/13 shut no switchport port-security maximum 2 no switchport port-security maximum 1 vlan access no switchport port-security maximum 1 vlan voice no switchport port-security no switchport port-security mac-address sticky no shut !
Now look at the mac addresses that are learned on g1/0/13 once the phone has booted and the pc is online
show mac address-table dyn int g1/0/13
Iam sure you will see 3 addresses 2 - the PC & phone in the access vlan 1 - the phone in the voice vlan.
For me that means you have to apply your security as:-
! int g1/0/13 shut switchport port-security maximum 3 switchport port-security maximum 2 vlan access switchport port-security maximum 1 vlan voice switchport port-security switchport port-security mac-address sticky no shut !
The VoIP phones jump into the access VLAN just long enough to trip port security "IF" the VoIP MAC isn't already known by the interface config.
However, once the VoIP MAC is part of the interface config, things work as expected, and the phone MAC doesn't go into the access VLAN even after rebooting switch with saved config and/or phone.
Removing the VoIP MAC for the interface config with
clear port-security sticky interface
clear port-security all
will make the switch have to relearn the VoIP MAC and it will go into the access VLAN for a few seconds and trip port security.
So don't use those commands to clear port security. Use this command after finding the MAC address that caused the port security error in the switch log:
clear port-security sticky address xxxx.xxxx.xxxx
Anytime a phone is connected to a port for the very first time, let the phone boot up before connecting the PC so that the phone MAC jumps into the access VLAN and gets moved to the voice VLAN before the PC MAC registers in the access VLAN.
Like I said, once the VoIP MAC is part of the interface config, it doesn't matter if the PC is connected to the phone anymore. Things work as expected.
SIP traces provide key information in troubleshooting SIP Trunks, SIP
endpoints and other SIP related issues. Even though these traces are in
clear text, these texts can be gibberish unless you understand fully
what they mean. This document attempts to br...
Please find the attached HTML document, download and open it on your PC.
This provides an easy to use form where you simply answer a few
questions and it will render the proper jabber-config.xml file for you
to copy/paste. There is built in logic to verif...
CUCM Database Replication is an area in which Cisco customers and
partners have asked for more in-depth training in being able to properly
assess a replication problem and potentially resolve an issue without
involving TAC. This document discusses the bas...