RE: 3550 port security , need some clarification please

From: Skinner, Stephen (Stephen.Skinner@rbs.co.uk)
Date: Mon Sep 18 2006 - 08:43:55 ART


Sabrina,

Thanks for that,

I do know that with dot1p tagged "priority" frames you only need the 2 MAC
addresses.

I didn't know about the untagged feature, so thanks for explaining that.

I was just not sure of how many I would need with dot1Q (using a voice VLAN).

Many thanks

Stephen Skinner

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]
Sent: 17 September 2006 19:04
To: Skinner, Stephen; Cisco certification
Subject: Re: 3550 port security , need some clarification please

*** WARNING : This message originates from the Internet ***

That's a very good question. What I can tell you for sure is the following:
 If the other PCs are not connected to that port you should not worry about
them.
 
 Now if you were using "voice vlan X" for example the answer would have
been:
 
 Switchport access vlan 3
 Switchport voice vlan 5
 Switchport port-security maximum 3
 Switchport port-security mac-address 0000.0000.0000.0001
 Switchport port-security mac-address 0000.0000.0000.0002
 
 You need 3 for the following reason:
 
 1 phone mac on the voice vlan
 1 phone mac on the data vlan
 1 PC mac in the data vlan
 
 The port security static mac entries are both created on the data vlan:
 
 SW1#sh mac address-table vlan 3 | i 000a.
    3 000a.000b.000c DYNAMIC Fa0/32
    3 000a.000b.000d DYNAMIC Fa0/32
 SW1#sh mac address-table vlan 5 | i 000a.
 
 If you were using "voice vlan untagged" for example the answer would have
been, I believe:
  
  Switchport access vlan 3
  Switchport voice vlan untagged
  Switchport port-security maximum 2
  Switchport port-security mac-address 0000.0000.0000.0001
  Switchport port-security mac-address 0000.0000.0000.0002
  
  You need 2 for the following reason:
  
  1 phone mac on the voice vlan = data vlan (untagged)
  1 PC mac in the data vlan (untagged)
  
 Now if you are using "voice vlan dot1p" I don't know... since voice traffic
uses VLAN0 and I'm not sure how the system behaves with respect to that.
 
 I don't have a way to try it out either unfortunately.
 
 Sabrina
 
 ----- Original Message ----
From: "Skinner, Stephen" <Stephen.Skinner@rbs.co.uk>
To: sabrina pittarel <sabri_esame@yahoo.com>; Cisco certification
<ccielab@groupstudy.com>
Sent: Sunday, September 17, 2006 10:37:01 AM
Subject: RE: 3550 port security , need some clarification please

 Hello,
  
 They are the MAC addresses of my phone 0001 and PC connected to the phone
00002
  
 cheers
  
 Stephen Skinner

   From: sabrina pittarel [mailto:sabri_esame@yahoo.com]
Sent: 17 September 2006 18:15
To: Skinner, Stephen; Cisco certification
Subject: Re: 3550 port security , need some clarification please

 

  What are :
Switchport port-security mac-address 0000.0000.0000.0001
Switchport port-security mac-address 0000.0000.0000.0002
?

Sabrina

 ----- Original Message ----
From: "Skinner, Stephen" <Stephen.Skinner@rbs.co.uk>
To: Cisco certification <ccielab@groupstudy.com>
Sent: Sunday, September 17, 2006 9:37:40 AM
Subject: 3550 port security , need some clarification please

 Gents ,

I am looking for some clarification please.
The doc CD says the following in reference to static MAC addresses in voice
VLANs.

When you enable port security on an interface that is also configured with
a voice VLAN, you must set the maximum allowed secure addresses on the port
to at least two plus the maximum number of secure addresses allowed on the
access VLAN. When the port is connected to a Cisco IP phone, the IP phone
requires up to two MAC addresses. The address of the IP phone is learned on
the voice VLAN, and it might or might not be learned on the access VLAN.
Connecting a PC to the IP phone requires additional MAC addresses.
So let's say I am using DOT1Q tagged frames and not DOT1P priority-tagged
frames.

I have got 6 machines on this VLAN (NO other phones, just PCs),
and there are two devices (phone and PC) on this port fa0/14.

I would config as per, YES?

Int fa0/14
Switchport port-security maximum 8
Switchport port-security mac-address 0000.0000.0000.0001
Switchport port-security mac-address 0000.0000.0000.0002

Many thanks

Stephen Skinner
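
Added example, not part of the original messages: a small Python audit that applies the counting from the thread (doc CD rule plus Sabrina's breakdown of 3 addresses for a tagged voice VLAN and 2 for "untagged") to interface stanzas. The sample config, function names and verdict strings are constructed for illustration, and the dot1p case is left undecided because the thread does not settle it.

```python
import re

# Constructed sample config (not from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/14
 switchport access vlan 3
 switchport voice vlan 5
 switchport port-security maximum 8
!
interface FastEthernet0/15
 switchport access vlan 3
 switchport voice vlan 5
 switchport port-security maximum 2
!
interface FastEthernet0/16
 switchport access vlan 3
 switchport voice vlan untagged
 switchport port-security maximum 2
!
"""

def required_maximum(voice_mode, pcs_behind_phone=1):
    """Secure-address count per the thread's reasoning; None if unsettled."""
    if voice_mode == "tagged":    # phone MAC on voice VLAN + on data VLAN + PCs
        return 2 + pcs_behind_phone
    if voice_mode == "untagged":  # voice VLAN == data VLAN: phone + PCs
        return 1 + pcs_behind_phone
    return None                   # dot1p / no voice VLAN: not settled in the thread

def audit(config, pcs_behind_phone=1):
    """Return {interface: verdict} for every port with a port-security maximum."""
    results = {}
    for stanza in re.split(r"(?im)^(?=interface\s)", config):
        name = re.match(r"(?i)interface\s+(\S+)", stanza)
        limit = re.search(r"(?i)port-security maximum\s+(\d+)", stanza)
        if not (name and limit):
            continue
        voice = re.search(r"(?i)switchport voice vlan\s+(\S+)", stanza)
        arg = voice.group(1).lower() if voice else "none"
        mode = "tagged" if arg.isdigit() else arg
        need, have = required_maximum(mode, pcs_behind_phone), int(limit.group(1))
        if need is None:
            verdict = "unknown"
        elif have == need:
            verdict = "ok"
        else:
            verdict = ("too-low" if have < need else "oversized") + f" (need {need})"
        results[name.group(1)] = verdict
    return results
```

Only devices attached to the port itself are counted, so the other machines on the VLAN do not raise the required maximum.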




This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:40 ART