Hi there,

We're having a port-security problem while using a voice vlan on a switch interface (WS-C4506).

The objective:

A Cisco voip-phone and a user-desktop machine connected to the same interface. The mac addresses

of both these devices should be flagged as being sticky so that whenever (one of) these

devices gets removed and a third device/ mac-address is connected to the interface, the interface will be port-sec

error disabled.

Now it seems that only the mac-address of the accesvlan device, the user desktop, gets flagged as being

sticky, while the mac-address of the voip-phone turns out to be dynamic.

Is there a way to make the voip mac-addres sticky? Or is there another way to reach the objective as described?

Any help is much appreciated!

Here the config of the interface + a show port-sec int

interface FastEthernet6/42

description !41G02A19-C207

switchport access vlan 684

switchport mode access

switchport voice vlan 602

switchport port-security

switchport port-security maximum 2

switchport port-security mac-address sticky

switchport port-security mac-address sticky 0013.72b7.27e0 << user-desktop

service-policy output autoqos-voip-policy

qos trust device cisco-phone

qos trust cos

auto qos voip cisco-phone

tx-queue 3

priority high

shape percent 33

spanning-tree portfast

spanning-tree bpduguard enable

end

KOG-SW-G01#sh port-security int fa6/42

Port Security : Enabled

Port Status : Secure-up

Violation Mode : Shutdown

Aging Time : 0 mins

Aging Type : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses : 2

Total MAC Addresses : 2

Configured MAC Addresses : 0

Sticky MAC Addresses : 1

Last Source Address:Vlan : 000f.9089.6864:602 << voip-phone

Security Violation Count : 0