Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
364
Views
0
Helpful
5
Replies

Port Security

emmanuel.shoroma
Level 1
Level 1

‎09-23-2009 02:23 AM - edited ‎03-06-2019 07:50 AM

Hi, we have switch port security configured in our network.we have problem which seems to be related to IP phones. the IP phones seems to change the middle part of the MAC and the switch port shutdown as it takes that as a violation.we had two incidents of this nature. only the Middle part of the MAC seem to change and then goes back to normal again.

Can someone assist as to what causes this?

Labels:
0 Helpful
5 Replies 5

Peter Paluch
Cisco Employee
Cisco Employee

‎09-23-2009 03:47 AM

Hello,

A phone should not change its MAC address, that would be a strange thing to do. Can you post an example of the two MAC addresses with their different "middle parts"? Is it certain that the phones are responsible for this problems? Isn't it a routine MAC-spoofing attack?

Best regards,

Peter

0 Helpful

emmanuel.shoroma
Level 1
Level 1
In response to Peter Paluch

‎09-24-2009 09:59 PM

Hi,

Thanks for the reply. I also agree it is a strange thing but this happens for the second time and everytime wee trace the mac addresses, are mac addresses are Cisco MAC addresses and with a slight change/difference. see mac-addresses below

1. 001e.4a34.db0F - The correct MAC Address(IP Phone)

2. 001e.be91.db0F - The cause of the problem / spoofed MAC address

0 Helpful

dario.didio
Level 4
Level 4
In response to emmanuel.shoroma

‎09-24-2009 11:48 PM

Hi,

when using port-security in combination with an IP phone and a PC behind the phone, you should allow 3 MAC addresses in your port-security config.

One for the PC, one for the Phone and one for the internal switch of the phone.

HTH,

Dario

0 Helpful

davy.timmermans
Level 4
Level 4
In response to dario.didio

‎09-25-2009 01:09 AM

This extra configuration should be sufficient:

switchport port-security maximum 2 vlan access

switchport port-security maximum 1 vlan voice

It's because the phone sends at startup an untagged packet to the switch in order to discover the voice vlan.

0 Helpful

emmanuel.shoroma
Level 1
Level 1
In response to davy.timmermans

‎09-25-2009 08:48 AM

thanks for the reply. From what I understand I need to configure three MAC addresses in total. Then how do I then get this phone's internal mac-address? there is only one mac-address of the phone.

the other thing we implemented switchport security for almost 2years now and we had only two issues of this kind. all the other ports are configured with maximum of two and configured the mac-address of the phones and the PC.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card