07-08-2015 03:25 AM - edited 03-08-2019 12:52 AM
Recently I experienced a small but annoying problem and I need your advice.
Situation:
One Cisco SW (WS-C3560-48PS-S, C3560-IPBASEK9-M, Version 12.2(55)SE7)
All access ports are reconfigured as follows:
switchport mode access
switchport port-security maximum 3
switchport port-security
switchport port-security violation restrict
network-policy 110
mls qos trust dscp
no snmp trap link-status
storm-control broadcast level 4.00
storm-control multicast level 10.00
storm-control action shutdown
storm-control action trap
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable
First I connect an OpenStage device (Siemens IP phone) directly to the SW on port A (Fa0/29) and then a laptop to the OpenStage. It's working fine. Two MAC addresses are populated in the SW MAC table coming from port A (this is normal).
Then I move the laptop to another port, B (Fa0/38), and I get no network access!!!
On the SW log I see:
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 480f.cf27.8aa6 on port FastEthernet0/38
The only way to make the laptop get network access on port B is to physically remove the OpenStage device from port A or to issue the command clear port-security all interface port A
Basically, unplugging the laptop from the OpenStage is not seen by the SW, so the SW does not clear the MAC and does not let the laptop connect on another port on the same SW.
Do you have an idea how to make this work? I would like not to remove port-security from my devices. Do I have something wrong with the access port configuration parameters?
07-08-2015 02:41 PM
Well, no device you mentioned is a device of the Small Business product line, so you are asking in the wrong community.
Because of the matter of the issue you described, it's rather a switch configuration issue than a VoIP issue. Thus I will ask the moderators to move this thread to LAN, Switching and Routing.
It may take some time as the moderators' team is overloaded. You may consider using the [ EDIT ] feature and moving it to Network Infrastructure -> LAN, Switching and Routing yourself.
Regarding the question itself - you have port-security active. You are not allowed to have the same MAC on two ports at the same time. As long as port A is shared and your laptop is not connected directly to it, the switch is unaware the laptop has been disconnected from port A. Its MAC is still registered here, thus the same MAC on port B triggers a violation.
There are some solutions, but I would prefer that an expert on the matter (I'm not one) respond to you. So move the thread to the proper community to give them a chance to respond.
09-25-2015 03:26 AM
I found the solution after a few tests.
Just add two more commands, it works fine for me!
switchport mode access
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
network-policy 110
no snmp trap link-status
mls qos trust dscp
storm-control broadcast level 4.00
storm-control multicast level 10.00
storm-control action shutdown
storm-control action trap
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable
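Added example, not part of the original posts and not Cisco code: a simplified Python model of dynamic port security showing why the laptop's MAC is rejected on Fa0/38 while it is still secured on Fa0/29, and how `aging time 2` with `aging type inactivity` releases it. The class and function names and the phone MAC are assumptions made for illustration; timing is modelled in seconds, whereas the switch ages entries at minute granularity.

```python
# Simplified model of dynamic (non-sticky) port security in one VLAN.
# Constructed for illustration; sticky and static entries are not modelled.

class Switch:
    def __init__(self, maximum=3, aging_minutes=0):
        self.maximum = maximum              # switchport port-security maximum
        self.aging = aging_minutes * 60     # 0 = aging disabled (IOS default)
        self.secure = {}                    # mac -> (port, last_seen_seconds)
        self.violations = []                # (time, mac, port), like PSECURE_VIOLATION

    def _expire(self, now):
        # aging type inactivity: drop entries with no traffic for the aging time
        if self.aging:
            self.secure = {m: (p, t) for m, (p, t) in self.secure.items()
                           if now - t < self.aging}

    def frame(self, now, port, mac):
        """Return True if the frame is forwarded, False if dropped (restrict)."""
        self._expire(now)
        owner = self.secure.get(mac)
        if owner and owner[0] != port:
            # MAC is still secured on another port: violation, frame dropped
            self.violations.append((now, mac, port))
            return False
        count = sum(1 for p, _ in self.secure.values() if p == port)
        if owner is None and count >= self.maximum:
            self.violations.append((now, mac, port))
            return False
        self.secure[mac] = (port, now)      # learn, or refresh the inactivity timer
        return True

    def link_down(self, port):
        # Dynamic secure addresses are removed when the port loses link
        self.secure = {m: v for m, v in self.secure.items() if v[0] != port}


def move_laptop(aging_minutes):
    """Laptop behind the phone on Fa0/29, moved to Fa0/38 at t=60s.
    Returns (time Fa0/38 first forwards its traffic or None, violation count)."""
    phone, laptop = "0001.e300.0001", "480f.cf27.8aa6"   # phone MAC is constructed
    sw = Switch(maximum=3, aging_minutes=aging_minutes)
    sw.frame(0, "Fa0/29", phone)
    sw.frame(0, "Fa0/29", laptop)
    for now in range(60, 601, 10):          # phone stays up, so Fa0/29 never goes down
        sw.frame(now, "Fa0/29", phone)
        if sw.frame(now, "Fa0/38", laptop):
            return now, len(sw.violations)
    return None, len(sw.violations)
```

`move_laptop(0)` models the original configuration (the laptop never gets through), and `move_laptop(2)` models the configuration with the two aging commands added.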
09-25-2015 01:37 AM
Hello,
I have this problem too. How could you fix this issue?
Thanks
Krisz