Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
639
Views
0
Helpful
3
Replies

Voice vlan voice traffic only

Go to solution
AlanGill92533
Level 1
Level 1

‎01-06-2023 12:13 PM

I have a panasonic voip phone I want to make sure that someone cannot just remove the data cable from the phone and plug it into their computer and join my network. All I want is voice traffic to work on port/cable. Any help with configuration on the Cisco  switch catalist 1000 series would be much appreciated. Thanks in advance. Al 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-06-2023 01:21 PM

Not sure if you have any Identiy system in place like ISE to identify the device and validate.

Quick fix is sticky MAC.

if you add the stick MAC to port, then only with the source MAC only the port works, if not that will go error disable ( you can also configure auto recovery)

below example : check the command syntax based on the IOS code.

(config)# interface gig x/x
(config-if)# switchport mode access
(config-if)# switchport access X (this is voice vlan or you can use voice vlan)
(config-if)# switchport port-security
(config-if)# switchport port-security mac-address sticky
config-if)# switchport port-security mac-address xxxx.xxxx.xxxx(Static MAC of Phone)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful

Go to solution
AlanGill92533
Level 1
Level 1
In response to balaji.bandi

‎01-06-2023 04:03 PM

Yes 100% thank you . Makes perfect sense. Excellent thanks again

View solution in original post

0 Helpful
3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-06-2023 01:21 PM

Not sure if you have any Identiy system in place like ISE to identify the device and validate.

Quick fix is sticky MAC.

if you add the stick MAC to port, then only with the source MAC only the port works, if not that will go error disable ( you can also configure auto recovery)

below example : check the command syntax based on the IOS code.

(config)# interface gig x/x
(config-if)# switchport mode access
(config-if)# switchport access X (this is voice vlan or you can use voice vlan)
(config-if)# switchport port-security
(config-if)# switchport port-security mac-address sticky
config-if)# switchport port-security mac-address xxxx.xxxx.xxxx(Static MAC of Phone)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
AlanGill92533
Level 1
Level 1
In response to balaji.bandi

‎01-06-2023 04:03 PM

Yes 100% thank you . Makes perfect sense. Excellent thanks again
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎01-06-2023 04:22 PM

L2 port-security not know that device is IP phone or PC, 
and if you use sticky then if you move device to other port you will get err-disable and that for 500 users is nightmare, 
I think the best is dot1x if you can or using MAC ACL, 
MAC ACL with range of mac can you protect the port. 
this my view. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card