Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
487
Views
0
Helpful
4
Replies

port-security problem

sunil-koul
Level 1
Level 1

‎04-17-2012 08:20 AM - edited ‎03-04-2019 04:02 PM

I have enabled port-security on 3550 switches and i am using voice and data and maximum secutity 2 and sticky.I am observing the ports go to error disabled as soon as phone is rebooted or resetted.

                                        Any one having solution for it.

Labels:
0 Helpful
4 Replies 4

burleyman
Level 8
Level 8

‎04-17-2012 08:39 AM

If I am not mistaken you will need to set it to 3 not 2. I think the reason is when the phone first boots up it thinks it is in the access vlan so with a PC connected as well that takes the 2 allowed. Then when the phone and switch realize it is a phone it tries to add the MAC address for the VoIP side but it has 2 already so it err-disables.

Mike

0 Helpful

Jan Hrnko
Level 4
Level 4

‎04-17-2012 08:44 AM

Hi,

The IP Phone can use 2 mac adresses, so you need to set the appropriate number of maximum mac adresses. Try to set it to 3.

Burleyman is right - according to this document:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22ea/SCG/swvoip.html#wp1030836

When you enable port security on an interface that  is also configured with a voice VLAN, you must set the maximum allowed  secure addresses on the port to at least two plus the maximum number of  secure addresses allowed on the access VLAN. When the port is connected  to a Cisco IP phone, the IP phone requires up to two MAC addresses. The  address of the IP phone is learned on the voice VLAN, and it might or  might not be learned on the access VLAN. Connecting a PC to the IP phone  requires additional MAC addresses.

Best regards,

Jan

0 Helpful

sunil-koul
Level 1
Level 1
In response to Jan Hrnko

‎04-18-2012 04:45 AM

yes we can do like this but i have noticed if we will allow maximum three and using sticky command.after few seconds access vlan will be associated with 1 mac and data vlan with 1 mac so then i can connect 1 more pc which will allow me to do that as it will allow for 1 more mac .I don't want that thing to happen.

0 Helpful

burleyman
Level 8
Level 8
In response to sunil-koul

‎04-18-2012 04:59 AM

Sunil,

I see your point but unfortunately that is how it works. In fact it says you cannot configure static secure or sticky secure MAC addresses on a voice VLAN.

Mike

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card