dhcp discover frames not being forwarded

clark.ford · ‎06-25-2009

we have catalyst 4506 and 4507 switches serving both voice and data.

we have noticed that when soft rebooting a nortel 2004 phone it was taking 10 mins to reset.

a trace on the switchport serving the phone showed numerous dhcp discover frames being generated but not being replied to until 10 mins had elapsed.

a trace on the uplink trunks serving the switch showed only a single dhcp dicover frame after 10 mins.

the ports are all configured as

the following

interface FastEthernet2/3

switchport access vlan xxx

switchport mode access

switchport voice vlan xxx

switchport port-security maximum 5

switchport port-security

switchport port-security aging time 10

no snmp trap link-status

spanning-tree portfast

we removed the port security config and the phone rebooted fully after less than a minute.

we changed the time of the port security aging parameter and this directly affected how quickly the phone rebooted.

so... the port security config is stopping the switch forwarding dhcp discover frames for the period of the port security aging time.

can anyone explain why this is happening

the switches are running native ios 12.2(50)sg

this only occurs with soft reboots not cold reboots

Istvan_Rabai · ‎06-25-2009

Hi Clark,

Looking at your config the following may have happened:

The number of mac-addresses on the F2/3 port reached 5.

This is set with the "switchport port-security maximum 5" command.

Therefore the switch disabled learning of additional mac-addresses until the aging time of the oldest mac-address elapsed.

At that time the mac-address of the new nortel phone could be learned and traffic for it could be forwarded.

Cheers:

Istvan

clark.ford · ‎06-25-2009

Thanks for your response.

During the testing both the aging time and the max number of addreses were changed.

Only the aging time made a difference to the reboot time.