07-13-2009 03:32 AM - edited 03-17-2019 09:47 PM
Greeting
I am testing no cisco phone on 3750:
interface FastEthernet1/0/6
description testing
switchport access vlan 100
switchport mode access
switchport voice vlan 101
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
priority-queue out
mls qos trust dscp
auto qos voip cisco-phone
macro description cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AutoQoS-Police-CiscoPhone
end
and found that "switchport port-security"
will drop the phone's dhcp discovery packets.
When phone first time power on, it can get ip address from dhcp server; but, when you log out from current phone number, and the phone start to get ip address from dhcp again, the switch will drop the dhcp discover packets which the phone used to communicate with dhcp server.
I tried to increase max number to 6 (switchport port-security maximum 2) but it is not useful.
I did show port-security int command, and there is only one mac address on the interface.
I have also checked the mac address, and I can not see any violated to the security rules.
Could any one advice me:
- what the cause ?
- how can I debug it?
- if possible to fix it without disable the port security?
Any comments will be appreciated
thanks in advance
Solved! Go to Solution.
07-18-2009 10:54 AM
Start with cleaning the config a bit, basically for QoS all you need is the mls qos trust DSCP and nothing else, as for port security it would be adviced to have the max no to 3 to avoid issues.
yes it is possible to fix without disabling port security but start with cleaning your config from srr queue adjustments, auto qos can be removed it is so buggy still. then let us know how it looks like.
07-18-2009 10:54 AM
Start with cleaning the config a bit, basically for QoS all you need is the mls qos trust DSCP and nothing else, as for port security it would be adviced to have the max no to 3 to avoid issues.
yes it is possible to fix without disabling port security but start with cleaning your config from srr queue adjustments, auto qos can be removed it is so buggy still. then let us know how it looks like.
07-28-2009 05:57 PM
Great thanks for the reply, I have found the problem. the problem is the "switchport port-security aging time" has to be lower than 2. I have set it to 1 min.
Another question, we have been asked to set qos trust dscp, as:
mls qos trust dscp
can I get advice, if it will cause the workstation (PC/server) which plug into this port to get high priority treatment?
Please advice.
Many Regards
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: