08-07-2007 05:29 AM - edited 03-14-2019 10:58 PM
Guys,
I have the following :
Why does the Cisco 7960 phone NOT put a sticky mac address automatically under the switchport, just the PC does?
It seems to work, but am not sure why.
Also, I dont require "maximum macs" to be set to 3 do I? Like when you use Avaya?
Many thx indeed,
Ken
!
interface FastEthernet1/0/10
description IP Phone with desktop connected
switchport access vlan 10
switchport mode access
switchport voice vlan 20
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security mac-address sticky aaaa.bbbb.cccc
no ip address
duplex full
speed 100
priority-queue out
no mdix auto
switch#sh mac-address-table int fa 1/0/10
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
10 aaaa.bbbb.cccc STATIC Fa1/0/10
20 dddd.eeee.ffff STATIC Fa1/0/10
Total Mac Addresses for this criterion: 2
switch#
08-13-2007 05:59 AM
the normal procedure is to set max mac-address to 3 for port security
08-13-2007 06:06 AM
Hi there :)
Well I read this all the time, but my Cisco IPTs work with the setting of only two, and if I increase the maximum to 3, is this not creating a security hole?
Many thx for the reply and look forward to more comments :))
Thx
Ken
08-13-2007 06:52 AM
You have to do 3 because when the phone first boots up in goes into the default VLAN, not the voice VLAN. Once CDP kicks in, it goes into the voice VLAN
08-13-2007 06:56 AM
Umm. still a tad confused as all of my phones are working, as SecureDynamic and my PCs are SecureSticky, but I did configure the port-sec after the phone had been booted.
I think I will need to take a walk to where the phones are and power cycle the phone, to see if it breaks?
Will get back to you shortly :))
Cheers to all
Ken
11-14-2010 03:36 PM
Cisco Foundation Learning Guide pg 347 - "switchport port-security mac-address sticky" command cannot be used on ports where voice VLANs
are configured...(although the book does not elaborate as to why not...)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide