Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

2960/Avaya IP phone/Port security problem

This setup has been in place for some time; no new PC's or phones, no changes to switch. Using Avaya IP phones, 2960 POE switch (12.2.44SE6 since upgraded)

Voice VLAN 146 ; PC Vlan 140, below is a typical port config:

interface FastEthernet0/2

switchport access vlan 140

switchport mode access

switchport voice vlan 146

switchport port-security maximum 2

switchport port-security

switchport port-security violation protect

spanning-tree portfast

Port security was never triggered.

Started last week with one phone, a few more yesterday, couldn't contact the DHCP server . Upon review of the mac address table on the switch both devices were assigned to vlan 140. I reset the values on a few  phones, re-configured them for VLAN 146 but still did not work.

Removed port security from the ports and the phone jumped onto vlan 146 and now work.

This is a configuration I have in use in many places, any ideas why this would have happened ?

1 ACCEPTED SOLUTION

Accepted Solutions
Green

2960/Avaya IP phone/Port security problem

Hi,

Sorry for this delayed response.
I wanted to check in my lab today.

On my switch I have shut/noshut int fas 0/25

The phone boots on the DATA vlan 500, it then switches to
the VOICE vlan 501 and re-registers OK

The MAC table shows the MAC address x 2


Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
500    0016.caf2.750a    DYNAMIC     Fa0/25
501    0016.caf2.750a    DYNAMIC     Fa0/25
Total Mac Addresses for this criterion: 2
Desk_2960#

5 Minutes later after the MAC aging time has expired (300 seconds)
The MAC count reduces to 1

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
501    0016.caf2.750a    DYNAMIC     Fa0/25
Total Mac Addresses for this criterion: 1
Desk_2960#


So if you had a PC in the back of the PHONE too then you would see
3 MAC adds for 5 mins after reboot then reducing to to 2.

MAC security therefore need need to be set to allow MAX 3 addresss to

alllow reboots from scratch

I can only suggest that you MAC address security was added after the phones were working.

HTH
Alex
please rate useful posts.

Regards, Alex. Please rate useful posts.
4 REPLIES
Green

2960/Avaya IP phone/Port security problem

Hi,

Avaya/Nortel phones boot (DHCP requests) to the DATA Vlan 1st then they move to Voice Vlan

This is normal if option 191 VLAN discovery is set.

The phone does not drop the post on vlan switching

Try changing

switchport port-security maximum 2

to

switchport port-security maximum 3

Regards

Alex

Regards, Alex. Please rate useful posts.
New Member

2960/Avaya IP phone/Port security problem

Alex - Thanks for the response. This makes sense to me. I am curious that I have this config in many switches but this is the first time I am running into problems

Green

2960/Avaya IP phone/Port security problem

Hi,

Sorry for this delayed response.
I wanted to check in my lab today.

On my switch I have shut/noshut int fas 0/25

The phone boots on the DATA vlan 500, it then switches to
the VOICE vlan 501 and re-registers OK

The MAC table shows the MAC address x 2


Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
500    0016.caf2.750a    DYNAMIC     Fa0/25
501    0016.caf2.750a    DYNAMIC     Fa0/25
Total Mac Addresses for this criterion: 2
Desk_2960#

5 Minutes later after the MAC aging time has expired (300 seconds)
The MAC count reduces to 1

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
501    0016.caf2.750a    DYNAMIC     Fa0/25
Total Mac Addresses for this criterion: 1
Desk_2960#


So if you had a PC in the back of the PHONE too then you would see
3 MAC adds for 5 mins after reboot then reducing to to 2.

MAC security therefore need need to be set to allow MAX 3 addresss to

alllow reboots from scratch

I can only suggest that you MAC address security was added after the phones were working.

HTH
Alex
please rate useful posts.

Regards, Alex. Please rate useful posts.
New Member

2960/Avaya IP phone/Port security problem

Alex - Thanks for labbing that up.

Brian

3383
Views
0
Helpful
4
Replies
CreatePlease to create content