Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Port Security

Hi, we have switch port security configured in our network.we have problem which seems to be related to IP phones. the IP phones seems to change the middle part of the MAC and the switch port shutdown as it takes that as a violation.we had two incidents of this nature. only the Middle part of the MAC seem to change and then goes back to normal again.

Can someone assist as to what causes this?

Cisco Employee

Re: Port Security


A phone should not change its MAC address, that would be a strange thing to do. Can you post an example of the two MAC addresses with their different "middle parts"? Is it certain that the phones are responsible for this problems? Isn't it a routine MAC-spoofing attack?

Best regards,


Community Member

Re: Port Security


Thanks for the reply. I also agree it is a strange thing but this happens for the second time and everytime wee trace the mac addresses, are mac addresses are Cisco MAC addresses and with a slight change/difference. see mac-addresses below

1. 001e.4a34.db0F - The correct MAC Address(IP Phone)

2. 001e.be91.db0F - The cause of the problem / spoofed MAC address


Re: Port Security


when using port-security in combination with an IP phone and a PC behind the phone, you should allow 3 MAC addresses in your port-security config.

One for the PC, one for the Phone and one for the internal switch of the phone.



Re: Port Security

This extra configuration should be sufficient:

switchport port-security maximum 2 vlan access

switchport port-security maximum 1 vlan voice

It's because the phone sends at startup an untagged packet to the switch in order to discover the voice vlan.

Community Member

Re: Port Security

thanks for the reply. From what I understand I need to configure three MAC addresses in total. Then how do I then get this phone's internal mac-address? there is only one mac-address of the phone.

the other thing we implemented switchport security for almost 2years now and we had only two issues of this kind. all the other ports are configured with maximum of two and configured the mac-address of the phones and the PC.

CreatePlease to create content