10-18-2006 10:57 PM - edited 03-13-2019 03:26 PM
I am really sorry to head the thred like this, but I am having issues when I configure the switchport below which has a HP PC pluged into the back of an Avaya Phone into the switchport.
Config on 3750 SMI Switch
!
interface FastEthernet1/0/x
description New Desktop Name
switchport access vlan 600
switchport trunk encapsulation dot1q
switchport trunk native vlan 600
switchport trunk allowed vlan 600,601
switchport mode trunk
switchport nonegotiate
service-policy input access_ingress
speed 100
duplex full
priority-queue out
spanning-tree portfast
switchport port-security
switchport port-security maximum 2 (IP Phone and desktop)
switchport port-security mac-address <Mac of IP Phone>
switchport port-security mac-address <Mac of IP Desktop>
!
Now If I configure this while eveything is on, it works fine. Then I try and shut the switchport and re-open it, just to test, and the switchport goes into error-dis
Is this a problem with the "maximum" and should I change this to 3, as a good workmate says it may use some internal switchport mac into the equation?
I just put this out to all, to see if this is a common experience also.
Many thx indeed,
Ken
10-19-2006 12:27 AM
Hi Ken
Your problem here is related (I think) to the way the Avaya system starts up .
Cisco phones receive a CDP message telling them which VLAN to use, and boot straight into that VLAN.
Avaya phones on the other hand do not listen to the CDP, so they boot into the native/access VLAN and get DHCP IP and the options configured. One of these options gives them a VLAN ID, and they then reboot into the correct intended voice VLAN.
I believe the port-security remembers MAC addresses in the voice vlan and the access vlan seperately - i.e. once in the voice-vlan it will appear in the config with voice-vlan after it.
A note from the 3750 manual:
*******************************************
Note When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to two plus the maximum number of secure addresses allowed on the access VLAN. When the port is connected to a Cisco IP phone, the IP phone requires up to two MAC addresses. The IP phone address is learned on the voice VLAN and might also be learned on the access VLAN. Connecting a PC to the IP phone requires additional MAC addresses.
*******************************************
Secondly, I'd suggest a different port config:
description New Desktop Name
switchport mode access
spanning-tree portfast
switchport access vlan 600
switchport voice vlan 601
switchport nonegotiate
service-policy input access_ingress
priority-queue out
switchport port-security
switchport port-security maximum 3
Setting it as an access-port with voice vlan leads to a tidier config (no need for vlan-allowed lists) and ensures that portfast still works - it won't be working with your config. if you configure a trunk, you need spanning-tree portfast trunk to allow portfast to still occur.
Also unless you have your phones configured for 100full you will have a duplex mismatch on the port - i think like Cisco you would have to set this on every handset which is usually not something that people do.
Regards
Aaron
Please rate helpful posts...
10-19-2006 06:02 AM
Hi Aaron,
This is most helpful indeed. Trying to rate post :) but not working :) will try later
Are there any other Avaya Funnies, and have lots of people experienced this issue?
Many kind regards indeed,
Ken
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide