cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
35293
Views
25
Helpful
23
Replies

MAC address of IP phone in two vlans

Wassim Aouadi
Level 4
Level 4

Hi,

do you have any idea about why I see the MAC address of an IP phone in both access vlan and voice vlan? vlan 11 is my access vlan, and vlan 2222 is my voice vlan.

here's the config:

Current configuration : 247 bytes
!
interface FastEthernet1/0/12
switchport access vlan 11
switchport mode access
switchport voice vlan 2222
priority-queue out
mls qos trust cos
spanning-tree portfast
spanning-tree bpduguard enable
end

TNSWACCS01A1#sh mac address-table interface fa1/0/12
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  11    0024.8154.2aca    DYNAMIC     Fa1/0/12
  11    9caf.caff.5a8c    DYNAMIC     Fa1/0/12
2222    9caf.caff.5a8c    DYNAMIC     Fa1/0/12
Total Mac Addresses for this criterion: 3

23 Replies 23

Calin C.
Level 5
Level 5

It is there permanetly or just for a short time?

Depending on the IP phone brand and configuration, is possible that when this IP phone boot, it has not idea about the configuration (it may get the config over DHCP server , e.g. Siemens IP phones), so in the first phase it will send frames untagged using the data vlan (that's why the mac appear there).

As soon as the IP phone get or read it configuration, it will send the frames tagged with the Voice Vlan, so the mac will be shown into the voice vlan.

A lot depends how your Voice system is configured from the IP perspective.

I know I am probably looking in the wrong place and this is an old forum trail but has anyoen ever expereinced issues with connecting a data device to a port that has been set up for a voip handset? i have found a few times that i have had to disabe the voice vlan to get the data device to work off the access vlan on our 3750s that are running IOS v 15

Nagaraja Thanthry
Cisco Employee
Cisco Employee

Hello,

In some of the Cisco IOS versions, the switch remembered the MAC of the IP

Phone in both data (native) and voice vlans. When the IP Phone boots up, it

initially associates itself to the data vlan just like any other host and

gets an IP in the DATA vlan. Then it will communicate with the TFTP server

to get the configuration file at which point it will realize that it should

be on the Voice VLAN and then change its vlan from the native vlan to voice

vlan (start tagging the packets). In the older code versions (If I remember

it right pre-12.2(44)SE), the switch did not remove the MAC from the data

vlan. Post 12.2(44)SE, they made a change to the code so the switch removes

the MAC from the MAC address table (from data vlan) as soon as the IP Phone

switches to voice vlan. I did see a bug filed for 12.2(50)SE again with the

same symptoms, so not sure if it is completely fixed. But it is not of a big

concern unless you are configuring port-security and trying to tie down the

number of MAC entries per interface.

Hope this helps.

Regards,

NT

ok,

My switch has IOS C3750-IPBASEK9-M, Version 12.2(50)SE4. How can I see whether it still has that bug or not?

Also, Nagaraja, it's a good point that you mentioned port-security. That's what I'm going to implement and that's why I had to examine MAC addresses learned on each port. What are your recommendations regarding port-security when I see those multiple MACs on the same port?

Hello,

While this bug was originally fixed, I did notice it resurfacing in

12.2(50)SE. What kind of IP Phone you are using on that switch?

Regards,

NT

Can you let us know the bugid?  Has this bug been fixed?

We see this mac address in V & D vlans sometimes. We have 12.2.53SE on a C3560.

Thanks.

Hi All,

Can anyone provide a Cisco BugID reference for this issue..?

Or

Is this normal behaviour without port-security turned ON.

Thanks

Hi,

we have the same behaviour with non Alcatel IP Phone.

According to me, it is not really a bug. There is a trunk between the switch and the phone. For some reasons, the IP phone can send some packets on the data vlan, which make its MAC address seen on the switch on this vlan. But according to me, this behaviour doesn't represent any problem for the network to wrok correctly.

P.

I'm using Cisco 7911 ip phones.

Also, you mentioned port-security. That's a feature we deployed on our network. Actually I implemented the following configuration template:

interface XXX

     switchport port-sec

     switchport port-sec maximum 3 ! -- two for voice vlan, one for host

     switchport port-sec max 1 vlan access

     switchport port-sec max 1 vlan voice

     switchport port-sec mac-address sticky

I'm restricting the number of MAC addresses learned on the data vlan to one. So I guess I'm not letting the ip phone associate its MAC to the data vlan?

We verified the same issue and also found that configuring Port-Security on 12.2(50)SE5 cleared the extra MAC ADDRESS.  We removed Port-Security and the extra MAC showed up again.  We were planning to move to Port-Security on these switches anyway.

"Then it will communicate with the TFTP server

to get the configuration file at which point it will realize that it should

be on the Voice VLAN and then change its vlan from the native vlan to voice

vlan (start tagging the packets)"

I use cisco ip phones 7911 which receive vlan config via CDP. But why do I also have this problem?

My cisco ip phones mac address appears in data vlan.

I am seeing the same problem, same setup....7942's get their config via CDP.  I am seeing the phone mac address in both the Data and Voice VLANs.  It appears that it is causing an issue with random connectivity.  When Port Security is applied, I am doing max address 1 access vlan, and it is shutting the port down.  Please help.

update: I upgraded IOS to 12.2.58.SE1 and the issue seems solved.

TNSWACCS01A1#sh mac add int fa1/0/20

          Mac Address Table

-------------------------------------------

Vlan    Mac Address       Type        Ports

----    -----------       --------    -----

2222    6416.8dbb.8d8a    STATIC      Fa1/0/20

  11    001f.29b2.c70c    STATIC      Fa1/0/20

interface FastEthernet1/0/20

description **** Justin Bieber fan ****

switchport access vlan 11

switchport mode access

switchport voice vlan 2222

switchport port-security maximum 2

switchport port-security

switchport port-security violation restrict

switchport port-security mac-address sticky

Hi,

What is the number of this bug?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco