Possible to assign multiple mac addresses to LAN ports W/ sticky?

harrisca · ‎03-16-2012

I have a pool of 24 IP phones that I want to plug into 8 port LAN switches. I need to be able to mix and match phones and switches but, maintain port security. Is there a way to do this without getting a duplicate mac address error?

Dan, Thanks for the reply. I did try the multiple mac-addresses per port but, this errored with duplicate mac-address found. Still working on it....

Chuck

Dan-Ciprian Cicioiu · ‎03-16-2012

Hi ,

With sticky I do not think that you will be able to move the phones. Sticky will hardcode ( on your start-up config ) port-security allowed mac-address per port. A solution will be using :

switchport port-security maximum 2

switchport port-security

switchport port-security aging time 5

switchport port-security violation restrict

switchport port-security aging type inactivity

If case of inactivity another mac will be permited to source packets on that interface. Is samehow the only compromise that you can do. If you are not allowed by the security policy, then you will have an overhead of operational tasks, deleting the sticky mac-addresses.

Later edit : just came to my mind - you can configure static all those mac-addresses on each port :

switchp port-sercurity max 24

switchport port-security mac-address x.x.x.x.x

.....

switchport port-security mac-address x.x.x.x.x

All 24 phones

Regards

Dan