5034 Views, 0 Helpful, 11 Replies

Port Security issue that causes limited connectivity for PCs

amr.hossam
Level 1

We are facing an issue with port security here that seems to be a little bit strange. We have applied port security on some switches, with the settings set to accept a maximum of 2 MAC addresses (for IP Phone & PC) per port, to be learned through 'sticky', and the violation action is to restrict access. The problem is, after applying port security, some PCs lose network connectivity and cannot obtain an IP address from the DHCP, although their MAC address is correctly learned by the port and is now hard coded in the running-config. Note that there are no violations on the port and that the IP Phone connected through the same port works fine. The connectivity goes back to normal if the port security settings are removed.

Did anybody face a similar issue before?

11 Replies

b.julin
Level 3

Are any other features enabled? Like ARP inspection? MAB? I've never seen port security alone block traffic without a violation.

No, ARP inspection and MAB are not enabled, nor any other features that could cause a conflict.

Antonio Knox
Level 7

Can you post your port config? I'd like to see the port security config.

!
interface FastEthernet0/11
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 201
 switchport port-security maximum 2
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 000f.fe9f.c77f
 switchport port-security mac-address sticky 000d.6536.9b66 vlan voice
 spanning-tree portfast
!

This is a sample configuration. The MAC addresses learned here are correct, yet the PC has limited connectivity.

The switch model is WS-C3550-24PWR-SMI and the IOS Version is 12.2(50)SE.

Hello Amr,

You need to add the below configuration to the switch port:

interface f0/11
 switchport port-security maximum 1 vlan voice

and remove the below configuration:

 switchport port-security mac-address sticky 000f.fe9f.c77f
 switchport port-security mac-address sticky 000d.6536.9b66 vlan voice

With the sticky option and a maximum of 2 MACs allowed, you should be fine with the current config.

Regards,

Mohamed

!
interface GigabitEthernet0/26
 description "Amr Hossam"
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 121
 switchport port-security maximum 2
 switchport port-security maximum 1 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0023.7d4e.ad7e
 switchport port-security mac-address sticky 0021.5554.8124 vlan voice
 duplex full
 spanning-tree portfast
!

This is the new configuration I tried. On this switch (3560) it works fine, but on the 3550 switch the same problem still exists.

Hello Amr,

The config is ok.

Could you check if the PC's MAC address was also learned on another secured switch port?

Does the PC move from one port to another?

Dan

No, it doesn't move from one port to another, and it is not learned on another port.

I found this in a Cisco document. It says that we cannot configure sticky MAC addresses on a voice port and should reserve 2 MAC slots for the IP Phone. I tried this, but only 1 MAC address is learned for the Phone, so this leaves an empty slot, which is the reason we are doing that in the first place.

• You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.

• When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two plus the maximum number of secure addresses allowed on the access VLAN. When the port is connected to a Cisco IP phone, the IP phone requires up to two MAC addresses. The address of the IP phone is learned on the voice VLAN, and it might or might not be learned on the access VLAN. Connecting a PC to the IP phone requires additional MAC addresses.

• If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.

You can find the document here http://www-europe.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea5/configuration/guide/swtrafc.pdf
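As an added illustration (not code from the thread, from Cisco, or from any of the posters): a small Python checker that parses IOS-style interface stanzas and flags the two constraints quoted from the Cisco guide above, namely a static or sticky secure MAC pinned to the voice VLAN, and a port maximum lower than 2 plus the access-VLAN maximum. The sample running-config is constructed from the two stanzas posted in this thread plus a FastEthernet0/12 stanza I added as a corrected variant for contrast. Two assumptions are built in and labelled in the code: the IOS default maximum of 1 when no `maximum` is configured, and a budget of one address for the PC when no per-access-VLAN maximum is set.

```python
import re

# Constructed sample running-config: the two stanzas posted in the thread, plus a
# third (FastEthernet0/12) that I added to show a variant following both quoted rules.
SAMPLE_RUNNING_CONFIG = """\
!
interface FastEthernet0/11
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 201
 switchport port-security maximum 2
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 000f.fe9f.c77f
 switchport port-security mac-address sticky 000d.6536.9b66 vlan voice
 spanning-tree portfast
!
interface GigabitEthernet0/26
 description "Amr Hossam"
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 121
 switchport port-security maximum 2
 switchport port-security maximum 1 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0023.7d4e.ad7e
 switchport port-security mac-address sticky 0021.5554.8124 vlan voice
 duplex full
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 8
 switchport mode access
 switchport voice vlan 201
 switchport port-security maximum 3
 switchport port-security maximum 1 vlan access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 spanning-tree portfast
!
"""

MAX_RE = re.compile(r"^switchport port-security maximum (\d+)(?: vlan (access|voice))?$")
# A static or sticky secure MAC address that is pinned to the voice VLAN.
SECURE_MAC_VOICE_RE = re.compile(
    r"^switchport port-security mac-address (?:sticky )?"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) vlan voice$"
)


def parse_interfaces(config_text):
    """Return {interface_name: [stripped config lines]} for every 'interface' stanza."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line == "!" or not line:
            current = None  # '!' terminates a stanza in running-config output
        elif current is not None:
            interfaces[current].append(line)
    return interfaces


def audit_interface(name, lines):
    """Return the list of findings for one port; an empty list means both rules hold."""
    findings = []
    has_voice_vlan = any(line.startswith("switchport voice vlan ") for line in lines)
    ps_enabled = "switchport port-security" in lines
    if not (has_voice_vlan and ps_enabled):
        return findings  # the quoted rules only concern secured ports with a voice VLAN

    # Rule 1: no static/sticky secure MAC address on the voice VLAN.
    for line in lines:
        m = SECURE_MAC_VOICE_RE.match(line)
        if m:
            findings.append(f"{name}: secure MAC {m.group(1)} is pinned to the voice VLAN, "
                            f"which the guide says is not supported; remove it so the phone "
                            f"is learned dynamically")

    # Rule 2: port maximum must be at least 2 (phone) + access-VLAN maximum (PC).
    port_max = 1      # assumption: IOS default maximum when none is configured
    access_max = None
    for line in lines:
        m = MAX_RE.match(line)
        if m and m.group(2) is None:
            port_max = int(m.group(1))
        elif m and m.group(2) == "access":
            access_max = int(m.group(1))
    access_needed = access_max if access_max is not None else 1  # assumption: one PC
    required = 2 + access_needed
    if port_max < required:
        findings.append(f"{name}: port-security maximum is {port_max} but must be at least "
                        f"{required} (2 for the phone + {access_needed} on the access VLAN)")
    return findings


def audit_config(config_text):
    """Audit every interface stanza; returns {interface_name: [findings]}."""
    return {name: audit_interface(name, lines)
            for name, lines in parse_interfaces(config_text).items()}


if __name__ == "__main__":
    for port, findings in audit_config(SAMPLE_RUNNING_CONFIG).items():
        print(port, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

Run against the sample, both posted stanzas get two findings each (the sticky voice-VLAN entry and a maximum of 2 where 3 is needed) while the added FastEthernet0/12 stanza passes; feeding it a real `show running-config` capture works the same way because stanzas are delimited by `!` and indentation is stripped.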

I'm having exactly the same issue, in an identical network environment. Does anybody have an idea?

Try the commands

clear port-security
clear mac address-table
