Cisco Support Community
New Member

Cisco Switch - Allow VoIP Disable ACCESS

We have a situation where some switchports are in a public area with Cisco IP Phones connected. We want to disable the ACCESS VLAN but allow the VOICE. Is it best practice to just remove the 'switchport mode access' command?

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Cisco Switch - Allow VoIP Disable ACCESS

That's one good step along the way.

If you really want to lock it down further, use port-security and restrict the allowed MAC address to the single phone connected on a given port. That will put the port into err-disable if anything else is even plugged into it.

Otherwise someone could put their machine up on the phone VLAN, give themselves a static IP that the phone they displaced had gotten via DHCP, and possibly navigate around your network that way.

More advanced solutions would be the use of 802.1X and/or ISE, but that requires investment in products and significant configuration steps.
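
One way to check phone ports against the advice in the accepted answer (an added example, not part of the original thread and not Cisco tooling): the Python below scans a running-config excerpt and reports every voice-VLAN port that lacks port-security, uses a violation mode that will not err-disable the port, or has no phone MAC pinned. The sample config, the function name `audit_voice_ports` and the finding strings are assumptions made for illustration.

```python
import re
# Constructed running-config excerpt: interfaces, VLAN IDs and the MAC are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/10
 switchport mode access
 switchport voice vlan 110
 switchport port-security
 switchport port-security mac-address 0000.5e00.5301 vlan voice
!
interface GigabitEthernet1/0/11
 switchport voice vlan 110
!
interface GigabitEthernet1/0/12
 switchport mode access
 switchport voice vlan 110
 switchport port-security
 switchport port-security violation restrict
!
interface GigabitEthernet1/0/13
 switchport access vlan 20
"""

PINNED_MAC = re.compile(
    r"switchport port-security mac-address (sticky )?([0-9a-f]{4}\.){2}[0-9a-f]{4}", re.I)
SOFT_VIOLATION = re.compile(r"switchport port-security violation (restrict|protect)")

def audit_voice_ports(config):
    """Return {interface: [findings]} for every port that carries a voice VLAN."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1]
            stanzas[current] = []
        elif raw.startswith(" ") and current:
            stanzas[current].append(raw.strip())  # indented line belongs to the stanza
    report = {}
    for name, lines in stanzas.items():
        if not any(l.startswith("switchport voice vlan ") for l in lines):
            continue  # not a phone port, out of scope for this check
        findings = []
        if "switchport port-security" not in lines:
            findings.append("port-security not enabled")
        if any(SOFT_VIOLATION.fullmatch(l) for l in lines):
            findings.append("violation mode will not err-disable the port")
        if not any(PINNED_MAC.match(l) for l in lines):
            findings.append("no phone MAC pinned")
        report[name] = findings
    return report
```

An empty findings list means the port matches the answer's recommendation; ports without a voice VLAN are left out of the report.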

2 REPLIES
New Member

Cisco Switch - Allow VoIP Disable ACCESS

Good idea, I will also add port security.
