07-10-2008 04:30 AM
Hi there,
We're having a port-security problem while using a voice vlan on a switch interface (WS-C4506).
The objective:
A Cisco voip-phone and a user-desktop machine connected to the same interface. The mac addresses
of both these devices should be flagged as being sticky so that whenever (one of) these
devices gets removed and a third device/ mac-address is connected to the interface, the interface will be port-sec
error disabled.
Now it seems that only the mac-address of the accesvlan device, the user desktop, gets flagged as being
sticky, while the mac-address of the voip-phone turns out to be dynamic.
Is there a way to make the voip mac-addres sticky? Or is there another way to reach the objective as described?
Any help is much appreciated!
Here the config of the interface + a show port-sec int
interface FastEthernet6/42
description !41G02A19-C207
switchport access vlan 684
switchport mode access
switchport voice vlan 602
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0013.72b7.27e0 << user-desktop
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
priority high
shape percent 33
spanning-tree portfast
spanning-tree bpduguard enable
end
KOG-SW-G01#sh port-security int fa6/42
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 2
Total MAC Addresses : 2
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 000f.9089.6864:602 << voip-phone
Security Violation Count : 0
07-16-2008 05:52 AM
Here is the configuration guide for the port security follow the guide which will help you :
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide