Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Switchport security

I have a 3560 with version 12.2.25SEE3 and I would like to setup switchport security on all the ports. I noticed if I connect a IP phone to the switch it detects the phone but not the computer connected to it. Is there a work around? I would like to see all mac addresses and setup a rule to block additional macs.

8 REPLIES
New Member

Re: Switchport security

Hi there,

Did you already increase the port security maxcount to > 2? Default maxcount is 1, so this could be the reason why your ip phone is only working.

int fa0/x

switchport port-security maximum 2

Let me know if it worked.

New Member

Re: Switchport security

I have increased the port-security max to 2. Could it be a vlan issue? Also If I wanted to setup access points on this switch do I change the switchport setting to adjust for the clients connecting to the switch? What is different about the configuration for APs?

Cisco Employee

Re: Switchport security

Hello,

For port-security with IP phones enable, please set the MAX vlaue to 3 atleast. I have observed it during my labs that you need atleast Max mac count to be 3. When your IP phone is first detected on the port its mac-address is registered both in the voice vlan and data vlan.You r PC's MAC will be registered always in data vlan. For AP's you have set the MAX Mac-count value to the number of clients you want to allow on the AP.

-amit singh

New Member

Re: Switchport security

Hi,

I've tried the configure the MAX mac value to 2 with IP Phone + PC connection. And it works fine. Will the configuration on that port be a matter? I mean configure the port as trunk mode or access mode?

New Member

Re: Switchport security

Hi, IP-fones and PC?s are Acces-devices you can?t configure ?the corresponding port as trunk. the AP -port may be configured as trunk if the AP supports trunking of Vlans.

Cisco Employee

Re: Switchport security

Hi Carsten,

I dont fully agree with you on this point. In older Layer2 switches like 2900XL and 3500XL, you had to configure the ports as TRUNK PORTS to connect the IP phones on the switchport. The IP phones used to work only with this configuration. But if you have newer switches like 3560's,3750's you dont have to configure the ports as trunk ports and have to configure the IP phone or PC to be a past of their access vlans.

HTH,Please rate if it does.

-amit singh

New Member

Re: Switchport security

thanks for your response, since we don?t as yet use IP-phones, i?m not fully acquainted with all the interiors...

Cisco Employee

Re: Switchport security

Carsten, No problems at all, just wanted to share some thoughts with you.Hope you will use it in future :)

BTW, Go For Cisco IPT in your network, a great experience :-)

-amit singh

149
Views
0
Helpful
8
Replies
CreatePlease login to create content