Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
406
Views
0
Helpful
1
Replies

Cisco VOIP and port security

NormMuelleman
Level 1
Level 1

‎07-10-2013 09:44 AM - edited ‎03-16-2019 06:18 PM

I've been having an argument with a "federal employee" about VOIP issues, MAC address port security, etc. So here's the scenario:

We use Cisco phones, with PC's plugged into their "trunk" ports, for network connectivity. Each switchport is configured for a voice vlan and an access vlan.

We use port-security on each switch, coupled with switchport port-security, mac sticky, etc.

About 2 years ago, the common practice was to configure 3 mac addresses on each port. The reason was that the phone would populate both the data and voice vlan when it was configuring, and we still had to connect with the attached PC. But then, there was a directive that said to change this because this had been corrected.

So, currently , we were configuring security as:

switchport port-security

switchport port-security mac-address sticky

switchport port-security maximum 2

switchport port-security maximum 1 vlan access

switchport port-security maximum 1 vlan voice

I'm not the big voice guy. But as I understand the process, the phone will power on. The switch, through cdp neighbor, will give the phone it's voice vlan assignment. The phone will then start tagging packets and start the dhcp process and start registering with CUCM. But it no longer does the double mac address thing.

The argument by this "federal employee" is based on the old assumptions with double tagging by the phone. But I know this was resolved in a newer IOS.

Can someone please steer me to the article that draws this out?

1 person had this problem
Labels:
0 Helpful
1 Reply 1

cisco4lct
Level 1
Level 1

‎04-10-2014 10:09 AM

We have this problem also.  Does anyone have an answer?

We're using cisco 3750x with IOS version 15.0(2)SE4 and Nortel 1120E VoIP phones.

During startup the Phone with PC attached registers it's MAC in the access vlan before moving to voice vlan, thus tripping port security on the access vlan.

I'm a federal employee as well, we need this resolved ASAP or should I create a TAC case.

Thanks,

Larry

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents