Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

port-security problem

I have enabled port-security on 3550 switches and i am using voice and data and maximum secutity 2 and sticky.I am observing the ports go to error disabled as soon as phone is rebooted or resetted.

                                        Any one having solution for it.

4 REPLIES

port-security problem

If I am not mistaken you will need to set it to 3 not 2. I think the reason is when the phone first boots up it thinks it is in the access vlan so with a PC connected as well that takes the 2 allowed. Then when the phone and switch realize it is a phone it tries to add the MAC address for the VoIP side but it has 2 already so it err-disables.

Mike

Silver

Re: port-security problem

Hi,

The IP Phone can use 2 mac adresses, so you need to set the appropriate number of maximum mac adresses. Try to set it to 3.

Burleyman is right - according to this document:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22ea/SCG/swvoip.html#wp1030836

When you enable port security on an interface that  is also configured with a voice VLAN, you must set the maximum allowed  secure addresses on the port to at least two plus the maximum number of  secure addresses allowed on the access VLAN. When the port is connected  to a Cisco IP phone, the IP phone requires up to two MAC addresses. The  address of the IP phone is learned on the voice VLAN, and it might or  might not be learned on the access VLAN. Connecting a PC to the IP phone  requires additional MAC addresses.

Best regards,

Jan

New Member

port-security problem

yes we can do like this but i have noticed if we will allow maximum three and using sticky command.after few seconds access vlan will be associated with 1 mac and data vlan with 1 mac so then i can connect 1 more pc which will allow me to do that as it will allow for 1 more mac .I don't want that thing to happen.

port-security problem

Sunil,

I see your point but unfortunately that is how it works. In fact it says you cannot configure static secure or sticky secure MAC addresses on a voice VLAN.

Mike

254
Views
0
Helpful
4
Replies
CreatePlease login to create content