It depends on vendor phone and software/hw version of the phone that you're
plugging in - in worse case it goes upto 3.
Common one is 2. for exaple, third party nortel or other phones that runs on
LLDP may take upto 3.
CDP based 2 (all newer phones/switches) but some old phones need 3.
On Tue, Jul 26, 2011 at 7:48 AM, Joe Astorino <joeastorino1982_at_gmail.com>wrote:
> I have recently tested this on a 4506 chassis running 12.2(53)SG1 and it
> works with a maximum of 2. I have a phone plugged into the port and a PC
> off of the phone. Here is my working configuration. I had done some
> research on the topic while configuring this, and found that on some
> platforms and IOS' you did indeed need a maximum of 3. It is probably one
> of those things that depends on code...
>
> interface FastEthernet3/19
> switchport access vlan 32
> switchport mode access
> switchport nonegotiate
> switchport voice vlan 64
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security maximum 1 vlan voice
> switchport port-security
> switchport port-security aging time 5
> switchport port-security aging type inactivity
> spanning-tree portfast
>
>
> On Mon, Jul 25, 2011 at 10:23 AM, Martijn Minis <martijn.minis_at_gmail.com
> >wrote:
>
> > I can distinctly remember a case where a IP telephone first listened
> > to it's native VLAN, then received a vender specific option via DHCP
> > with it's VLAN address, after which rebooted and set the correct VLAN
> > ID. After that, it went through the DHCP process again. This could
> > account for the MAC address being in both VLAN's. You could try and
> > check your DHCP scope to see if this is true?
> >
> > Regards,
> >
> > Martijn
> >
> > On 22 July 2011 13:41, Alexei Monastyrnyi <alexeim73_at_gmail.com> wrote:
> > > I reckon it depends on switch IOSand/or phone firmware version, I
> > > vaguely remember it being an issue but currently in our environment we
> > > have just 2 MACs, one in voice VLAN one in data VLAN, and port-security
> > > is set to 2.
> > >
> > > Cheers
> > > A.
> > >
> > > On 7/21/2011 10:22 PM, me you wrote:
> > >> all the ports I have with both a phone and computer have 3 mac's
> listed.
> > the
> > >> phones mac is listed on both vlans. I think this is normal.
> > >>
> > >> On Thu, Jul 21, 2011 at 4:11 PM, Roy Khan<roykhan123_at_hotmail.com>
> > wrote:
> > >>
> > >>> Dear
> > >>>
> > >>> Try to clear your mac address table because you are learning 3 mac
> > >>> addresses one single address 2 times
> > >>> clear the mac address table and tell us that is this fix this issue
> or
> > no.
> > >>>
> > >>> *clear mac-address-table dynamic int Fa0/19*
> > >>>
> > >>>> Date: Thu, 21 Jul 2011 14:47:46 +0430
> > >>>> Subject: port security question
> > >>>> From: anunda19_at_gmail.com
> > >>>> To: ccielab_at_groupstudy.com
> > >>>> I am setting up port security for one computer on a port. Simple.
> But
> > I
> > >>> am
> > >>>> having problems with the only port that has both a VIOP and
> computer.
> > The
> > >>>> MAC address on the phone is showing on both VLAN. I have included
> all
> > the
> > >>>> info. I am just overlooking something stupid. What is it?
> > >>>>
> > >>>> Thanks
> > >>>> Rob
> > >>>>
> > >>>>
> > >>>> sh mac add | i 0/19
> > >>>> 2 0030.94c2.92b0 DYNAMIC Fa0/19
> > >>>> 2 bcae.c52f.f4c5 DYNAMIC Fa0/19
> > >>>> 3 0030.94c2.92b0 DYNAMIC Fa0/19
> > >>>>
> > >>>>
> > >>>>
> > >>>> interface FastEthernet0/19
> > >>>> description Pete
> > >>>> switchport access vlan 2
> > >>>> switchport mode access
> > >>>> switchport voice vlan 3
> > >>>> switchport port-security
> > >>>> switchport port-security maximum 2
> > >>>> switchport port-security violation restrict
> > >>>> switchport port-security mac-address 0030.94c2.92b0
> > >>>> switchport port-security mac-address bcae.c52f.f4c5
> > >>>> load-interval 30
> > >>>> speed 100
> > >>>> duplex full
> > >>>> spanning-tree portfast
> > >>>>
> > >>>> Error
> > >>>> Jul 21 09:55:46.289: %PORT_SECURITY-2-PSECURE_VIOLATION: Security
> > >>> violation
> > >>>> occurred, caused by MAC address 0030.94c2.92b0 on port
> > FastEthernet0/19.
> > >>>>
> > >>>>
> > >>>> Blogs and organic groups at http://www.ccie.net
> > >>>>
> > >>>>
> > _______________________________________________________________________
> > >>>> Subscription information may be found at:
> > >>>> http://www.groupstudy.com/list/CCIELab.html
> > >>
> > >> Blogs and organic groups at http://www.ccie.net
> > >>
> > >>
> _______________________________________________________________________
> > >> Subscription information may be found at:
> > >> http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> Regards,
>
> Joe Astorino
> CCIE #24347
> Blog: http://astorinonetworks.com
>
> "He not busy being born is busy dying" - Dylan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Tue Jul 26 2011 - 08:36:06 ART
This archive was generated by hypermail 2.2.0 : Mon Aug 01 2011 - 06:30:06 ART