Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How many MAC’s for Cisco IPT setup

So I have always used the following config:

switchport port-security maximum 2

But I was on the phone recently from TAC and they said I needed to set it to three maximum. Any idea if this is correct or should I keep

Hall of Fame Super Silver

Re: How many MAC’s for Cisco IPT setup

Hello Bill,

the explanation is that the first phone boot will happen in the untagged data vlan, so the port may see 3 MAC addresses:

phone and PC MAC address in data vlan

phone MAC address in voice vlan

It is enough to shut a port providing POE to a phone to see this by using sh mac address-table interface typex/y after no shut several times

so you need 3 MAC addresses for ports where an IP phone with a PC port connects to.

Hope to help


New Member

Re: How many MAC’s for Cisco IPT setup

So what about using something like this:

switchport port-security aging time 60
switchport port-security aging type inactivity 

switchport port-security maximum 2

I know if I leave it at maximum 3 I will get asked why I am leaving the possibility open for a rouge device to be plugged in. If I have to allow a third MAC I might as well not put port-security on the ports.

New Member

Re: How many MAC’s for Cisco IPT setup

just a rough thinking, a rogue user may may connect other rogue devices in place of the phones or pc.

>>switchport port-security maximum 2

the command merely restrict to 2 device per port, not to specific devices

a alternative solution, though it is not scalable. managing small number may still be okie.

>switchport port-security mac-address c_address>
>switchport port-security mac-address

a better solution may be 802.1x.