[cisco-voip] switchport port-security sticky for IP phones

Fuermann, Jason JBF005 at shsu.edu
Fri Apr 10 15:01:44 EDT 2009


The newer code on the switches will remove the phone's MAC from the access vlan once the phone has negotiated. The only caveat I've seen is that if violation is set to shutdown, the port is shut down before the MAC gets removed.

-----Original Message-----
From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Peter Pauly
Sent: Friday, April 10, 2009 1:49 PM
To: Mike Wilusz
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] switchport port-security sticky for IP phones

Actually, I'm setting it to 3.

Here's a typical example of a recommended setup:

switchport port-security
switchport port-security maximum 3
switchport port-security maximum 2 vlan access
switchport port-security maximum 1 vlan voice
switchport port-security violation shutdown
switchport port-security mac-address sticky
switchport port-security mac-address sticky 1111.1111.1111 vlan access
switchport port-security mac-address sticky 2222.2222.2222 vlan access
switchport port-security mac-address sticky 2222.2222.2222 vlan voice

I only ever see two entries, one for the PC (access vlan) and one for
the phone (voice vlan). I never see two for the phone.

On Fri, Apr 10, 2009 at 2:42 PM, Mike Wilusz
<mikewilusz at pricechopper.com> wrote:
> Peter,
>
> We're using "sticky" mode for PCs and phones.  Are you setting the port to
> detect 2 macs?  "switch port-security maximum 2"
>
> Mike Wilusz, CCNA
> Telecommunications & Networking Supervisor
> Price Chopper Supermarkets / The Golub Corporation
>
>
>
>
>> From: Peter Pauly <ppauly at gmail.com>
>> Date: Fri, 10 Apr 2009 14:31:51 -0400
>> To: <cisco-voip at puck.nether.net>
>> Subject: [cisco-voip] switchport port-security sticky for IP phones
>>
>> All the examples of port security I've found show that an IP phone
>> needs two mac-address entries, one for the voice vlan and one for the
>> access vlan. When turning on "sticky" mode, I only ever see an entry
>> created for the voice vlan, never for the access vlan, even when
>> power-cycling the phone.
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
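
Added example (not part of the original thread and not code from any of its posters): a Python check over the interface lines quoted above that compares sticky entries with the per-VLAN maxima and tests whether the access VLAN has room for the phone's MAC before the phone negotiates. The sample text is reconstructed from the thread, audit() is a hypothetical helper name, and the headroom rule is an assumption drawn from the violation-shutdown caveat in the reply.

```python
import re
from collections import defaultdict

# Constructed sample: the interface fragment quoted in the thread.
SAMPLE = """\
switchport port-security
switchport port-security maximum 3
switchport port-security maximum 2 vlan access
switchport port-security maximum 1 vlan voice
switchport port-security violation shutdown
switchport port-security mac-address sticky
switchport port-security mac-address sticky 1111.1111.1111 vlan access
switchport port-security mac-address sticky 2222.2222.2222 vlan access
switchport port-security mac-address sticky 2222.2222.2222 vlan voice
"""

MAX_RE = re.compile(r"^switchport port-security maximum (\d+)(?: vlan (access|voice))?$")
MAC_RE = re.compile(r"^switchport port-security mac-address sticky "
                    r"([0-9a-f]{4}(?:\.[0-9a-f]{4}){2}) vlan (access|voice)$", re.I)
VIO_RE = re.compile(r"^switchport port-security violation (\w+)$")

def audit(config):
    """Return (parsed, findings) for one interface's port-security lines."""
    limits, macs = {}, defaultdict(set)
    violation = "shutdown"  # IOS default violation mode
    for line in map(str.strip, config.splitlines()):
        if m := MAX_RE.match(line):
            limits[m.group(2) or "total"] = int(m.group(1))
        elif m := MAC_RE.match(line):
            macs[m.group(2)].add(m.group(1).lower())
        elif m := VIO_RE.match(line):
            violation = m.group(1)
    findings = []
    for vlan in ("access", "voice"):
        if vlan in limits and len(macs[vlan]) > limits[vlan]:
            findings.append(f"{vlan}: {len(macs[vlan])} sticky MACs exceed maximum {limits[vlan]}")
    both = macs["access"] & macs["voice"]  # a MAC in both VLANs is taken to be the phone
    for mac in sorted(both):
        findings.append(f"note: {mac} is pinned on access and voice (phone seen on access first)")
    pcs = macs["access"] - both
    # Assumed rule: the phone's MAC appears on access before negotiation, so access
    # needs one slot beyond the pinned PC entries or violation shutdown trips first.
    if violation == "shutdown" and limits.get("access", limits.get("total", 1)) <= len(pcs):
        findings.append("access VLAN has no headroom for the phone's transient MAC")
    return {"limits": limits, "macs": dict(macs), "violation": violation}, findings
```

Run against the quoted setup, it returns only the note about 2222.2222.2222; lowering the access maximum to 1 adds the headroom finding.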