10-09-2008 12:30 PM - edited 03-15-2019 01:51 PM
I'm running into a problem with VoIP phones not working properly when the port they are connected to is configured with "ip verify source port-security". It appears the phone boots and gets an IP address, but beyond that it just hangs. I do not have DHCP snooping enabled for the voice vlan, but enabling it doesn't seem to make any difference. (No IP binding shows up even when DHCP snooping is enabled on the voice vlan.) The switch in question is a 3750 running 12.2(44)SE2. Is there any way I can make this work short of turning off IP source guard?
10-09-2008 12:51 PM
Well, let's get some more informtaion before we throw out source guard. Did you enable the DHCP snooping on the data and voice VLANs? Have you tried staticly assigning the IP source bindings? Can you configure a eniffer on a span port to see what is actually happening on that port?
10-09-2008 01:07 PM
DHCP snooping is already on the data vlan, and the switch shows a binding on the port. Enabling DHCP snooping on the voice vlan doesn't change anything. (As I mentioned, I don't see a binding on the voice vlan on that port even with it DHCP snooping enabled for the voice vlan.) I haven't tried doing a static binding, and that isn't a good long term solution as I don't want to put my phones on static IPs. I'll track down the phone IP and try that to see if it is a short term fix. As far as using an RSPAN to sniff the port, will I see the traffic before or after the port-based ACL is applied?
10-09-2008 02:08 PM
I just tried putting in a static source binding and it doesn't work. I put in the static source binding and then added the "ip verify source port-security" line to the interface. Once I did that the phone lost connectivity and started displaying "Registering". After a few seconds that went away and it just sat there. The only stuff on the display was the normal lines it draws across the screen. Nothing was on the lines. (This is a 7941.) As soon as I turned that option back off, it was able to reconnect to the call manager and everything came back to normal.
Interestingly the output of "show ip verify source" didn't show anything for my voice vlan while I had it enabled for the port. It only shows a line for the data vlan.
11-11-2010 10:44 PM
after two years, i have hit into the same problem
Any one found a solution already?
thanks
11-04-2011 07:24 AM
I have same issues - DHCP snooping tables working ARP inspection working - and data no issues - however on Cisco Phones - when I enable 'ip source verify' phones have problems registering - as soon as I remove this line they work perfectly - I then changed this to 'ip source verify portsecurity' and they worked - but now I have intermittent issues - some phones still get stuck on registering... I am using DHCP for the phones - they are getting an IP and I see them in IP dhcp binding table ..
11-07-2011 06:36 PM
try upgrade to the newest verison of IOS, last time cisco tec told me it was a bug and resolved the new version. I tested with the new iso and it works fine
11-08-2011 05:53 AM
I just had to rollback from 15 to
Release:12.2.55-SE4
as there is a bug with 15 ....on some switches it gets out of memory ...:( could not even console to it - this is rather erratic as I had different switches some still worked although memory goes from 40% to 80% - others just keep working but are not managable ...
so IOS upgrade is out of the question for me!
any other ideas are welcome ...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide