Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

no sticky voip-phone mac-address, why/ how ?

Hi there,

We're having a port-security problem while using a voice vlan on a switch interface (WS-C4506).

The objective:

A Cisco voip-phone and a user-desktop machine connected to the same interface. The mac addresses

of both these devices should be flagged as being sticky so that whenever (one of) these

devices gets removed and a third device/ mac-address is connected to the interface, the interface will be port-sec

error disabled.

Now it seems that only the mac-address of the accesvlan device, the user desktop, gets flagged as being

sticky, while the mac-address of the voip-phone turns out to be dynamic.

Is there a way to make the voip mac-addres sticky? Or is there another way to reach the objective as described?

Any help is much appreciated!

Here the config of the interface + a show port-sec int

interface FastEthernet6/42

description !41G02A19-C207

switchport access vlan 684

switchport mode access

switchport voice vlan 602

switchport port-security

switchport port-security maximum 2

switchport port-security mac-address sticky

switchport port-security mac-address sticky 0013.72b7.27e0 << user-desktop

service-policy output autoqos-voip-policy

qos trust device cisco-phone

qos trust cos

auto qos voip cisco-phone

tx-queue 3

priority high

shape percent 33

spanning-tree portfast

spanning-tree bpduguard enable

end

KOG-SW-G01#sh port-security int fa6/42

Port Security : Enabled

Port Status : Secure-up

Violation Mode : Shutdown

Aging Time : 0 mins

Aging Type : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses : 2

Total MAC Addresses : 2

Configured MAC Addresses : 0

Sticky MAC Addresses : 1

Last Source Address:Vlan : 000f.9089.6864:602 << voip-phone

Security Violation Count : 0

1 REPLY
Bronze

Re: no sticky voip-phone mac-address, why/ how ?

Here is the configuration guide for the port security follow the guide which will help you :

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/46sg/configuration/guide/port_sec.html#wp1070666

521
Views
0
Helpful
1
Replies
CreatePlease login to create content