Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3853
Views
0
Helpful
8
Replies

UC540 + SG500

CHRIS YEO
Level 1
Level 1

‎11-21-2012 11:51 AM

Guys,

So I have a bug to talk about.  We are implementing a  new system here, and by default the ipphone + desktop role has 10 mac  addresses that it allows, I thought this was strange since on the 2960's  that was not the case.  So I set the mac filter to 2, which should  work, but low and behold it doesn't.

So there is an  issue, and most likely with the switch, but this is a bad setup, we  should be able to assign this to filter to 2 mac's and have this work.

Has anyone else tried this?

Thanks!

Chris

Labels:
0 Helpful
8 Replies 8

Tom Watts
VIP Alumni
VIP Alumni

‎11-21-2012 03:31 PM

Hello Chris, the issue you are running in to is relatively expected.

To fix the problem, use 3 mac address limit instead of 2. The reason being, the phone mac address will report twice, once for data vlan and another time for voice vlan while your pc will report for the data vlan only, therfore registering 3 mac address on the interface.

Please observe the first command show mac address-table. This will show my IP phone (spa509) and my computer.

I then modified the macro within the GUI for 3 mac address and nothing changes which is verified by show run int gi1/1/1.

Next, I modified again for only 2 ports. As you can see the console output, the port locked. Then another show run int g1/1/1, as you see limit is 2 mac.

switchb298d7#
switchb298d7#
switchb298d7#config t
switchb298d7(config)#v02-Feb-2012 10:13:50 %LINK-W-Down:  gi1/1/1
02-Feb-2012 10:13:50 %LINK-W-Down:  Vlan 1
oice vlan ad02-Feb-2012 10:13:52 %LINK-I-Up:  gi1/1/1
02-Feb-2012 10:13:52 %LINK-I-Up:  Vlan 1
 100
% Unrecognized command
switchb298d7(config)#voice vlan id 1002-Feb-2012 10:13:56 %STP-W-PORTSTATUS: gi1
/1/1: STP status Forwarding
0
For Auto Voice VLAN, changes in the voice VLAN ID, CoS/802.1p, and/or DSCP will
cause the switch to advertise the administrative voice VLAN as static voice VLAN
 which has higher priority than voice VLAN learnt from external sources.
Are you sure you want to continue? (Y/N)[Y] Y
02-Feb-2012 10:13:58 %VLAN-I-VoiceVlanCreated: Voice Vlan ID 100 was created
switchb298d7(config)#02-Feb-2012 10:13:58 %LINK-I-Up:  Vlan 100

switchb298d7(config)#
switchb298d7(config)#
switchb298d7(config)#do show run int gi1/1/1

interface gigabitethernet1/1/1

 storm-control broadcast enable
 storm-control broadcast level 10
 storm-control include-multicast
 port security max 10
 port security mode max-addresses
 port security discard trap 60
 spanning-tree portfast
 macro description ip_phone_desktop
 switchport trunk allowed vlan add 100
 !next command is internal.
 macro auto smartport dynamic_type ip_phone_desktop
!
switchb298d7(config)#int vlan 1

switchb298d7(config-if)#ip a02-Feb-2012 10:14:13 %VLAN-I-ReceivedFromVSDP: Voice

 VLAN updated by VSDP. Voice VLAN-ID 100, VPT 5, DSCP 46
02-Feb-2012 10:14:13 %LINK-W-Down:  Vlan 100
ddress 192.168.1.202-Feb-2012 10:14:16 %LINK-W-Down:  gi1/1/1
02-Feb-2012 10:14:16 %LINK-W-Down:  Vlan 1
54 /24
switchb298d7(config-if)#02-Feb-2012 10:14:17 %SYSLOG-N-LOGGING: Logging started.


switchb298d7(config-if)#
switchb298d7(config-if)#02-Feb-2012 10:14:19 %LINK-I-Up:  gi1/1/1
02-Feb-2012 10:14:19 %LINK-I-Up:  Vlan 1
02-Feb-2012 10:14:23 %LINK-W-Down:  gi1/1/1
02-Feb-2012 10:14:23 %LINK-W-Down:  Vlan 1
02-Feb-2012 10:14:25 %LINK-I-Up:  gi1/1/1, aggregated (1)
02-Feb-2012 10:14:25 %LINK-I-Up:  Vlan 1, aggregated (1)
02-Feb-2012 10:14:29 %STP-W-PORTSTATUS: gi1/1/1: STP status Forwarding
02-Feb-2012 10:14:36 %LINK-W-Down:  gi1/1/1, aggregated (1)
02-Feb-2012 10:14:36 %LINK-W-Down:  Vlan 1, aggregated (1)

02-Feb-2012 10:14:38 %LINK-I-Up:  gi1/1/1, aggregated (1)

02-Feb-2012 10:14:38 %LINK-I-Up:  Vlan 1, aggregated (1)
02-Feb-2012 10:14:42 %LINK-I-Up:  Vlan 100

switchb298d7(config-if)#
switchb298d7(config-if)#
switchb298d7(config-if)#exit

switchb298d7(config)#exit

switchb298d7#show mac address-table

Aging time is 300 sec



  Vlan        Mac Address         Port       Type
-------- --------------------- ---------- ----------
switchb298d7#show inte
switchb298d7#show interfaces sta
switchb298d7#show interfaces status in
   1       00:23:8b:44:5a:ed    gi1/1/1    dynamic
   1       64:9e:f3:77:5e:5d    gi1/1/1    dynamic
   1       e0:5f:b9:b2:98:d7       0         self
  100      64:9e:f3:77:5e:5d    gi1/1/1    dynamic

switchb298d7#02-Feb-2012 10:14:42 %STP-W-PORTSTATUS: gi1/1/1: STP status Forward

ing, aggregated (1)
02-Feb-2012 10:16:50 %AAA-I-CONNECT: New http connection for user cisco, source
192.168.1.10 destination 192.168.1.254 ACCEPTED

02-Feb-2012 10:17:26 %LINK-W-Down:  Vlan 100


switchb298d7#
switchb298d7#config t
switchb298d7(config)#int gi1/1/1
switchb298d7(config-if)#shutdown
switchb298d7(config-if)#no shut
switchb298d7(config-if)#
switchb298d7(config-if)#
switchb298d7(config-if)#
switchb298d7(config-if)#
switchb298d7(config-if)#
switchb298d7(config-if)#exit
switchb298d7(config)#exit

switchb298d7#show interfaces status gi1/1/1
                                             Flow Link          Back   Mdix
Port     Type         Duplex  Speed Neg      ctrl State       Pressure Mode
-------- ------------ ------  ----- -------- ---- ----------- -------- -------
gi1/1/1  1G-Copper    Full    100   Enabled  Off  Up          Disabled On
switchb298d7#
switchb298d7#show run int gi1/1/1
Empty configuration
switchb298d7#
switchb298d7#
switchb298d7#show vlan

Vlan       Name                   Ports                Type     Authorization
---- ----------------- --------------------------- ------------ -------------
 1           1         fa1/2/1-48,gi1/1/1-52,        Default      Required

                       gi1/2/1-4,fa2/2/1-48,

                       gi2/1/1-52,gi2/2/1-4,
                       fa3/2/1-48,gi3/1/1-52,
                       gi3/2/1-4,fa4/2/1-48,
                       gi4/1/1-52,gi4/2/1-4,Po1-8
100         100                  gi1/1/1              static      Required

switchb298d7#
switchb298d7#show run int gi1/1/1
interface gigabitethernet1/1/1
 storm-control broadcast enable
 storm-control broadcast level 10
 storm-control include-multicast
 port security max 3
 port security mode max-addresses
 port security discard trap 60
 spanning-tree portfast
 macro description ip_phone_desktop
 switchport trunk allowed vlan add 100
 !next command is internal.
 macro auto smartport dynamic_type ip_phone_desktop
!
switchb298d7#
switchb298d7#
switchb298d7#config02-Feb-2012 10:17:41 %LINK-W-Down:  gi1/1/1, aggregated (1)
02-Feb-2012 10:17:41 %LINK-W-Down:  Vlan 1, aggregated (1)
02-Feb-2012 10:17:53 %STP-W-PORTSTATUS: gi1/1/1: STP status Forwarding, aggregat
ed (1)
02-Feb-2012 10:17:53 %LINK-I-Up:  gi1/1/1, aggregated (1)
02-Feb-2012 10:17:53 %LINK-I-Up:  Vlan 1, aggregated (1)
02-Feb-2012 10:18:50 %LINK-W-Down:  Vlan 100, aggregated (3)
02-Feb-2012 10:18:50 %LINK-I-Up:  Vlan 100, aggregated (4)
02-Feb-2012 10:19:00 %2SWPORT-W-LOCKPORTACTIVE: A packet with source MAC 64:9e:f
3:77:5e:5d tried to access through port gi1/1/1 which is locked

switchb298d7#show run int gi1/1/1

interface gigabitethernet1/1/1

storm-control broadcast enable

storm-control broadcast level 10

storm-control include-multicast

port security max 2

port security mode max-addresses

port security discard trap 60

spanning-tree portfast

macro description ip_phone_desktop

switchport trunk allowed vlan add 100

!next command is internal.

macro auto smartport dynamic_type ip_phone_desktop

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful

CHRIS YEO
Level 1
Level 1
In response to Tom Watts

‎11-21-2012 08:30 PM

Tom,

Thanks for the response...

So to summarize...

Even though you only have 2 mac addresses associated, you should not expect it to work properly.

Can you also tell me (otherwise I will test this myself and respond to this post), if I put a 2960 in place, will it act the same?  If the answer is no, then wouldn't this still be classified a bug?

Thanks again.

Chris

0 Helpful

Tom Watts
VIP Alumni
VIP Alumni
In response to CHRIS YEO

‎11-21-2012 08:32 PM

I will see if I can locate a 2960, it's not a small business product, not sure if I got one laying around in the lab.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful

CHRIS YEO
Level 1
Level 1
In response to Tom Watts

‎11-21-2012 08:36 PM

Tom,

Thanks for the quick response.

I understand it is not a small business product, but I do expect the products to work basically the same.

Thanks!

0 Helpful

CHRIS YEO
Level 1
Level 1
In response to Tom Watts

‎11-24-2012 02:53 PM

Tom,

Have you been able to test this yet?

Thanks!

Chris

Sent from Cisco Technical Support iPhone App

0 Helpful

Tom Watts
VIP Alumni
VIP Alumni
In response to CHRIS YEO

‎11-24-2012 03:19 PM

It is Thanksgiving week, can't test until Monday

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful

Ben M Johnson
Level 4
Level 4
In response to CHRIS YEO

‎11-25-2012 04:58 PM

It's my understanding that that "data vlan" mac address is the mac address for the switch built into the phone.  Then you have the phone, then the PC.  3 mac addresses any way you count them.

0 Helpful

Tom Watts
VIP Alumni
VIP Alumni
In response to Ben M Johnson

‎11-26-2012 08:08 PM

This is a 2960 switch with the network policy configured. It has the same behavior as the SG500.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful
Customers Also Viewed These Support Documents