10-11-2017 08:09 AM - edited 03-08-2019 12:20 PM
Hi People,
Hope things are going well.
I faced a strange thing when I implemented port security on interface f0/2 on MUM-DSW4, as shown in the images. I applied sticky MAC addresses and set the max count to 2 so that it would learn the MAC addresses of the VoIP phone and the machine.
But what I observed was that, when communicating with respect to VoIP, the switch seems to have learned two MAC addresses (one of the VoIP phone and another unknown MAC address), because when I try to reach my neighbour 192.168.10.2, I can't, and the interface goes down when I perform that action due to violation shutdown.
When I run the "show run" command with a max count of 3 this time, everything goes normally, but it learns three MAC addresses (one for the VoIP phone and a second one for the machine, which were quite obviously going to be learned, but the third was an unknown MAC address).
I then made many changes to work out the logic, but it seems that the switch learned two MAC addresses for the VoIP phone and one MAC address for the machine, where two MAC addresses for the VoIP phone is undesirable.
Please find the attached images, where you can observe the same thing on int f0/3 on the same switch.
The unknown MAC address found on f0/2 was 0000.0CAA.D601, and the MAC addresses of the VoIP phone and the machine were the desired ones, i.e. 0090.2BAD.0487 and 00E0.A308.13E9 respectively.
Similarly, the unknown MAC address found on f0/3 was 0002.17A6.A301, and the MAC addresses of the VoIP phone and the machine were the desired ones, i.e. 000C.85C9.631E and 00D0.BA43.6094 respectively.
10-11-2017 01:22 PM
Hi Ketan Bheda,
When the phone boots and sends its first packet, it is an untagged packet, and the switch learns the MAC address in the data VLAN; it then comes to know that this is a phone system and assigns it to the voice VLAN. Now the switch has two MAC addresses, one in the data VLAN and the other in the voice VLAN, but both are of the phone system, and when the machine comes online the switch thinks that port security is violated.
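The sequence described in the answer above, as an added example that is not part of the original thread: a simplified Python model (not Cisco code) that assumes each secure entry is a (MAC, VLAN) pair. The MAC addresses are the f0/2 phone and machine from the question; the VLAN IDs 10 and 20 and the frame order are constructed.

```python
# Simplified model of sticky port security (added example, not Cisco code).
# Assumption: a secure entry is a (MAC, VLAN) pair, so one MAC seen in two
# VLANs consumes two slots of the port's maximum.

DATA_VLAN, VOICE_VLAN = 10, 20   # constructed VLAN IDs, not from the thread
PHONE = "0090.2BAD.0487"         # phone MAC on f0/2, from the thread
PC = "00E0.A308.13E9"            # machine MAC on f0/2, from the thread

# Constructed frame sequence following the accepted answer
FRAMES = [
    (PHONE, DATA_VLAN),   # first frame from the booting phone is untagged
    (PHONE, VOICE_VLAN),  # phone is then placed in the voice VLAN
    (PC, DATA_VLAN),      # machine behind the phone comes online
]


class SecurePort:
    def __init__(self, maximum):
        self.maximum = maximum
        self.sticky = []           # learned (mac, vlan) entries, in order
        self.err_disabled = False

    def receive(self, mac, vlan):
        """Return True if the frame is forwarded, False if dropped."""
        if self.err_disabled:
            return False
        entry = (mac, vlan)
        if entry in self.sticky:
            return True
        if len(self.sticky) >= self.maximum:
            self.err_disabled = True   # violation mode: shutdown
            return False
        self.sticky.append(entry)
        return True


def replay(maximum, frames=FRAMES):
    """Feed the frame sequence to a fresh port and return its final state."""
    port = SecurePort(maximum)
    for mac, vlan in frames:
        port.receive(mac, vlan)
    return port


if __name__ == "__main__":
    for maximum in (2, 3):
        port = replay(maximum)
        state = "err-disabled" if port.err_disabled else "up"
        print(f"maximum {maximum}: {state}, sticky entries: {port.sticky}")
```

With a maximum of 2 the phone alone fills both slots, so the machine's first frame triggers the shutdown; with 3 the port stays up and holds three entries, matching what the question reports.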
10-11-2017 09:56 AM
10-13-2017 11:59 PM - edited 10-14-2017 12:00 AM
Hi Mark,
I got the reason behind three mac addresses.
I wrote my views below, kindly have a look.
Thank you!
10-13-2017 11:58 PM
Hi Team,
Thanks for the clarification.
Got my query solved, and I can also say that "the phone would have one MAC address, i.e. the one which is connected to the switch, but whenever a machine is connected over a phone, the switch would learn three MAC addresses (one MAC address of the interface of the phone connected to the switch, another of the phone's interface connected to the machine, and the MAC of the machine itself)."
Please review my thoughts.
07-21-2020 12:35 AM
I have the same error with a Cisco switch, model C9200L.
I connect one camera to one port of the switch and configure port-security max 1 MAC address for this port.
But after some working days, this port was disabled by two MAC addresses. Where does the second MAC address come from, when I only connect one camera to one port and the camera has only one MAC address?
Please help me resolve this problem.
Thank you very much.