<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
This aligns with my recollection of the issue. It focuses around CDP.
CDP should not be tagged with dot1q, this potentially causes the phone
to show up in access vlan. Once CDP exchange is complete all other
traffic from the phone will be dot1q tagged to the voice vlan. Last I
heard CDP should not be tagged.<br>
<br>
If the switch does remove from access vlan there are special steps
going on to bypass (override?) the normal learning process.<br>
<br>
/wes<br>
<br>
On Friday, April 10, 2009 3:01:44 PM, Fuermann, Jason
<a class="moz-txt-link-rfc2396E" href="mailto:JBF005@shsu.edu">&lt;JBF005@shsu.edu&gt;</a> wrote:<br>
<blockquote
cite="mid:8FAC1E47484E43469AA28DBF35C955E46C3F24B470@EXMBX.SHSU.EDU"
type="cite">
<pre wrap="">The newer code on the switches will remove the phone's mac from the access vlan once the phone has negotiated. The only caveat I've seen is that if violation is set to shutdown, the port is shutdown before the mac gets removed.
-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a> [<a class="moz-txt-link-freetext" href="mailto:cisco-voip-bounces@puck.nether.net">mailto:cisco-voip-bounces@puck.nether.net</a>] On Behalf Of Peter Pauly
Sent: Friday, April 10, 2009 1:49 PM
To: Mike Wilusz
Cc: <a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>
Subject: Re: [cisco-voip] switchport port-security sticky for IP phones
Actually, I'm setting it to 3.
Here's a typical example of a recommended setup:
switchport port-security
switchport port-security maximum 3
switchport port-security maximum 2 vlan access
switchport port-security maximum 1 vlan voice
switchport port-security violation shutdown
switchport port-security mac-address sticky
switchport port-security mac-address sticky 1111.1111.1111 vlan access
switchport port-security mac-address sticky 2222.2222.2222 vlan access
switchport port-security mac-address sticky 2222.2222.2222 vlan voice
I only ever see two entries, one for the PC (access vlan) and one for
the phone (voice vlan). I never see two for the phone.
On Fri, Apr 10, 2009 at 2:42 PM, Mike Wilusz
<a class="moz-txt-link-rfc2396E" href="mailto:mikewilusz@pricechopper.com">&lt;mikewilusz@pricechopper.com&gt;</a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Peter,
We're using "sticky" mode for PCs and phones. Are you setting the port to
detect 2 macs? "switch port-security maximum 2"
Mike Wilusz, CCNA
Telecommunications &amp; Networking Supervisor
Price Chopper Supermarkets / The Golub Corporation
</pre>
<blockquote type="cite">
<pre wrap="">From: Peter Pauly <a class="moz-txt-link-rfc2396E" href="mailto:ppauly@gmail.com">&lt;ppauly@gmail.com&gt;</a>
Date: Fri, 10 Apr 2009 14:31:51 -0400
To: <a class="moz-txt-link-rfc2396E" href="mailto:cisco-voip@puck.nether.net">&lt;cisco-voip@puck.nether.net&gt;</a>
Subject: [cisco-voip] switchport port-security sticky for IP phones
All the examples of port security I've found show that an IP phone
needs two mac-address entries, one for the voice vlan and one for the
access vlan. When turning on "sticky" mode, I only ever see an entry
created for the voice vlan, never for the access vlan, even when
power-cycling the phone.
_______________________________________________
cisco-voip mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>
<a class="moz-txt-link-freetext" href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a>
</pre>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
</blockquote>
<br>
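Added example (not part of the original thread, and not Cisco's or any poster's code): a Python check of the interface stanza quoted above that flags a MAC held as sticky in both the access and voice VLANs and sticky counts that exceed the configured maximums. It assumes each (MAC, VLAN) sticky entry counts once toward the port-wide maximum; the function name <code>audit</code> and the sample layout are constructed for illustration.<br>
<pre wrap="">
```python
import re
from collections import defaultdict

# Constructed sample: the interface stanza quoted in the thread (placeholder MACs).
SAMPLE = """\
switchport port-security
switchport port-security maximum 3
switchport port-security maximum 2 vlan access
switchport port-security maximum 1 vlan voice
switchport port-security violation shutdown
switchport port-security mac-address sticky
switchport port-security mac-address sticky 1111.1111.1111 vlan access
switchport port-security mac-address sticky 2222.2222.2222 vlan access
switchport port-security mac-address sticky 2222.2222.2222 vlan voice
"""

MAX_RE = re.compile(r"port-security maximum (\d+)(?: vlan (access|voice))?$")
MAC_RE = re.compile(r"port-security mac-address sticky ([0-9a-f.]{14}) vlan (access|voice)$", re.I)
VIOL_RE = re.compile(r"port-security violation (\w+)$")

def audit(stanza):
    """Return a list of findings for one interface's port-security lines."""
    limits, macs, violation = {}, defaultdict(set), "shutdown"  # shutdown is the IOS default
    for line in map(str.strip, stanza.splitlines()):
        if m := MAX_RE.search(line):
            limits[m.group(2) or "port"] = int(m.group(1))
        elif m := MAC_RE.search(line):
            macs[m.group(2)].add(m.group(1).lower())
        elif m := VIOL_RE.search(line):
            violation = m.group(1)
    findings = []
    for vlan, seen in macs.items():
        if vlan in limits and len(seen) > limits[vlan]:
            findings.append(f"{vlan}: {len(seen)} sticky MACs exceed maximum {limits[vlan]}")
    total = sum(len(seen) for seen in macs.values())  # assumption: one count per (MAC, VLAN)
    if "port" in limits and total > limits["port"]:
        findings.append(f"port: {total} sticky entries exceed maximum {limits['port']}")
    for mac in sorted(macs["access"] & macs["voice"]):
        note = f"{mac} is sticky in both access and voice VLANs"
        if violation == "shutdown":
            note += "; per the thread, shutdown mode can disable the port before removal"
        findings.append(note)
    return findings
```
</pre>
Running <code>audit(SAMPLE)</code> reports only the phone MAC present in both VLANs; lowering the port-wide maximum to 2 with the same three entries adds an over-limit finding.<br>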
</body>
</html>