Port Security voice vlan

sergeymolchanov
Level 1

Hello!

I have a Cisco Catalyst 2960 switch with IOS c2960s-universalk9-mz.150-2a.SE9.bin

I am testing the Port Security option with additional settings. Here is the port config:

interface GigabitEthernet0/8
 switchport access vlan 5
 switchport mode access
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 1
 switchport port-security aging type inactivity
 switchport port-security
 network-policy 101
 storm-control broadcast level pps 500
 storm-control multicast level pps 500
 storm-control action shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
 ip dhcp snooping limit rate 15

Everything works correctly, but after saving the config and reloading the switch I saw an error in the console:

switchport port-security maximum 1 vlan voice
^
% Invalid input detected at '^' marker.

And this setting was removed from the interface. Everything else works correctly (the phone is added to the voice VLAN via network policy).

But if I configure the interface with the voice vlan setting instead of network policy, switchport port-security maximum 1 vlan voice is kept in the port settings after reload.

interface GigabitEthernet0/8
 switchport access vlan 5
 switchport mode access
 switchport voice vlan 101
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 1
 switchport port-security aging type inactivity
 switchport port-security
 storm-control broadcast level pps 500
 storm-control multicast level pps 500
 storm-control action shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
 ip dhcp snooping limit rate 15

Why does port-security with the network policy option work incorrectly?

2 Replies 2

Mark Malone
VIP Alumni

Hi

see below

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_53_se/command/reference/2960ComRef/cli1.html

From Cisco doc

If you first configure a network-policy profile on an interface, you cannot apply the switchport voice vlan command on the interface. If switchport voice vlan vlan-id is already configured on an interface, you can apply a network-policy profile on the interface. The interface then has the voice or voice-signaling VLAN network-policy profile applied on the interface.

Hi,

This note didn't explain why I can first configure network-policy on the interface (without configuring voice vlan on this interface) and afterwards apply port-security commands, including switchport port-security maximum 1 vlan voice. The command is not rejected. But after a switch reload this command is rejected.
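
A config audit for the situation described in this thread, as an added example that is not part of any post and is not Cisco code: it flags interfaces that carry a voice-VLAN port-security limit but no switchport voice vlan line, the combination the original poster reports losing at reload. The sample config is constructed from the posted stanzas; GigabitEthernet0/9 and the function names are assumptions for illustration.

```python
import re

# Constructed sample based on the two stanzas in the thread. Gi0/8 gets its
# voice VLAN from a network-policy profile, Gi0/9 from 'switchport voice vlan'.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/8
 switchport access vlan 5
 switchport port-security maximum 3
 switchport port-security maximum 1 vlan voice
 switchport port-security
 network-policy 101
!
interface GigabitEthernet0/9
 switchport access vlan 5
 switchport voice vlan 101
 switchport port-security maximum 3
 switchport port-security maximum 1 vlan voice
 switchport port-security
!
"""

VOICE_LIMIT = re.compile(r"^switchport port-security maximum \d+ vlan voice$")
VOICE_VLAN = re.compile(r"^switchport voice vlan \d+$")  # numeric VLAN ID form only


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from indented IOS-style config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = interfaces.setdefault(raw.split(None, 1)[1].strip(), [])
        elif raw[:1] in (" ", "\t") and current is not None:
            current.append(raw.strip())   # indented line belongs to the open stanza
        elif raw[:1] not in (" ", "\t"):
            current = None                # '!' or any global command closes the stanza
    return interfaces


def voice_limit_at_risk(config):
    """Interfaces with a voice-VLAN port-security limit but no 'switchport voice vlan <id>'."""
    return [name for name, cmds in parse_interfaces(config).items()
            if any(VOICE_LIMIT.match(c) for c in cmds)
            and not any(VOICE_VLAN.match(c) for c in cmds)]


if __name__ == "__main__":
    for name in voice_limit_at_risk(SAMPLE_CONFIG):
        print(f"{name}: voice-VLAN port-security limit may not survive a reload")
```

Run it against a saved running-config before a maintenance reload, then compare with the startup behaviour reported above; the rule it encodes comes from this thread's observation, not from Cisco documentation.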
