Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

port-security with voice vlan

Hi all,

I'm running into a bizarre issue trying to activate port-security on a 3750 switch with the ports in question connected to 7905 IP phones. I am trying to use the config shown below on the interface.

interface FastEthernet1/0/36

switchport access vlan 8

switchport trunk encapsulation dot1q

switchport mode trunk

switchport voice vlan 4

switchport port-security

switchport port-security mac-address 0011.9236.b02b vlan 4

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

mls qos trust device cisco-phone

mls qos trust cos

no mdix auto

storm-control broadcast level 10.00

storm-control multicast level 10.00

auto qos voip cisco-phone

spanning-tree portfast

I have five of these phone on this switch and in two cases I can apply this config with no issues. For the other three phones when I try to enter the static mac address is comes back to me with an error saying "found duplicate mac-address" and it refuses to accept the command. I am certain the mac address is correct and I've tried clearing the mac-address table on the interface and the mac address itself out of the CAM table. Still no luck. I've also tried removing the entire port-security configuration and re-applying it with no luck.

Anyone have any idea why this is happening and what I can do about it?

Thanks in advance for any assistance.

Cheers - Peter


Re: port-security with voice vlan


I think the issue here is that the MAC address is present on the access vlan and on the voice vlan(duplicate address). I would remove the from your config.

Also, this config might not do exactly what you want. I notice you have portfast configure on this port. If you do a "sh spann active det" and look up you port, the portfast feature will be disable. You might want to configure the mode to access. The phone will learn the voice vlan via cdp and portfast will be re-enable.(good if you are using bpduguard)

CreatePlease login to create content