Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1425
Views
0
Helpful
1
Replies

Port Security issue with VoIP phones

michael.armour.ctr1
Level 1
Level 1

‎03-15-2017 09:57 AM - edited ‎03-08-2019 09:45 AM

I am having issues on several switches (Catalyst 2960X-24PS and 2960X-48LPD IOS 15.2(5b)E) with several Avaya 1120E VoIP phones. The issue seems to be related to port-security. Initially I had my interfaces configured like this:

switchport access vlan 172
switchport mode access
switchport voice vlan 503
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security mac-address sticky xxxx.xxxx.xxxx
switchport port-security mac-address sticky xxxx.xxxx.xxxx vlan voice
switchport port-security
no logging event link-status
srr-queue bandwidth share 1 30 35 5
priority-queue out
no snmp trap link-status
mls qos trust cos
auto qos trust
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable

During the day I would start getting calls that users had lost network connectivity and phones would not connect. I could not find any ports disabled or no errors in the logs. I did some research and found a reference to this on the forum:

https://supportforums.cisco.com/discussion/11187796/port-security-issue-causes-limited-connectivity-pcs

The only thing I could really gather was I should try changing the maximum allowed macs to 3. I made that change but I am still having the issue. Yesterday I checked the entries in the arp table and I had 120 entries. A few minutes later I showed 60. Seeing no errors I entered the command clear port-security all. The arp table immediately increased back to 120. A short while later the arp table started losing entries again. I issued the clear port-security command again the the arp entries returned to 120. After several attempts I finally rebooted the switch around noon and everything was fine the rest of the day. This morning a user had tripped port security on a port in that switch and I cleared it. Shortly after I started having the same issues mentioned earlier. Instead of reboot the switch, I did a shut no shut on all the interfaces on the switch and this cleared the problem so far. Does anyone have any ideas as to what might be causing the issue or what else I can do to troubleshoot?

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Julio E. Moisa
VIP
VIP

‎03-15-2017 10:38 AM

Hi

Your config looks fine, have you configured DHCP snooping on the switch? Try just with this configuration only to discard. Have you tried without port security and it works?

default interface GX/X

interface GX/X

switchport access vlan 172
switchport mode access
switchport voice vlan 503
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security mac-address sticky xxxx.xxxx.xxxx
switchport port-security mac-address sticky xxxx.xxxx.xxxx vlan voice
switchport port-security
mls qos trust cos
auto qos trust

The sticky should not be a problem.




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card