03-07-2007 12:56 PM - edited 03-05-2019 02:46 PM
I have a 3560 with version 12.2.25SEE3 and I would like to setup switchport security on all the ports. I noticed if I connect a IP phone to the switch it detects the phone but not the computer connected to it. Is there a work around? I would like to see all mac addresses and setup a rule to block additional macs.
03-07-2007 02:03 PM
Hi there,
Did you already increase the port security maxcount to > 2? Default maxcount is 1, so this could be the reason why your ip phone is only working.
int fa0/x
switchport port-security maximum 2
Let me know if it worked.
03-07-2007 04:40 PM
I have increased the port-security max to 2. Could it be a vlan issue? Also If I wanted to setup access points on this switch do I change the switchport setting to adjust for the clients connecting to the switch? What is different about the configuration for APs?
03-07-2007 09:04 PM
Hello,
For port-security with IP phones enable, please set the MAX vlaue to 3 atleast. I have observed it during my labs that you need atleast Max mac count to be 3. When your IP phone is first detected on the port its mac-address is registered both in the voice vlan and data vlan.You r PC's MAC will be registered always in data vlan. For AP's you have set the MAX Mac-count value to the number of clients you want to allow on the AP.
-amit singh
05-03-2007 07:52 PM
Hi,
I've tried the configure the MAX mac value to 2 with IP Phone + PC connection. And it works fine. Will the configuration on that port be a matter? I mean configure the port as trunk mode or access mode?
05-09-2007 12:57 AM
Hi, IP-fones and PC?s are Acces-devices you can?t configure ?the corresponding port as trunk. the AP -port may be configured as trunk if the AP supports trunking of Vlans.
05-09-2007 02:31 AM
Hi Carsten,
I dont fully agree with you on this point. In older Layer2 switches like 2900XL and 3500XL, you had to configure the ports as TRUNK PORTS to connect the IP phones on the switchport. The IP phones used to work only with this configuration. But if you have newer switches like 3560's,3750's you dont have to configure the ports as trunk ports and have to configure the IP phone or PC to be a past of their access vlans.
HTH,Please rate if it does.
-amit singh
05-09-2007 02:36 AM
thanks for your response, since we don?t as yet use IP-phones, i?m not fully acquainted with all the interiors...
05-09-2007 02:42 AM
Carsten, No problems at all, just wanted to share some thoughts with you.Hope you will use it in future :)
BTW, Go For Cisco IPT in your network, a great experience :-)
-amit singh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: