From: Joseph Brunner (joe@affirmedsystems.com)
Date: Sun Jul 27 2008 - 08:48:48 ART
Oops to answer your last question;
>In case an employee plugs in a switch in that port, in "dynamic auto" mode
>will he have all access just like the other switches. If not how do we
>secure it.
Please refer to this doc;
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/1
2.2_20_se/configuration/guide/swvoip.html
"When you enable port security on an interface that is also configured with
a voice VLAN, you must set the maximum allowed secure addresses on the port
to two plus the maximum number of secure addresses allowed on the access
VLAN. When the port is connected to a Cisco IP phone, the IP phone requires
up to two MAC addresses. The IP phone address is learned on the voice VLAN
and might also be learned on the access VLAN. Connecting a PC to the IP
phone requires additional MAC addresses."
-Joe
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Vibeesh S
Sent: Sunday, July 27, 2008 7:15 AM
To: ccielab@groupstudy.com
Subject: Native vlan - port security
Hi Group,
I have a doubt with regard to the port security when we configure native
vlan.
Switch ------------ IPphone ------- Pc
TRUNK
If I configure a port on my switch as an Trunk port that goes to an
employees desk which connects an IP phone to which a Pc is connected.
Now IP packets from the pc will reach the configured native vlan right ....
while the voip pakets will remain in the ports vlan.
In case an employee plugs in a switch in that port, in "dynamic auto" mode
will he have all access just like the other switches. If not how do we
secure it.
I just want to know what will happen as I have not deployed such scenarios.
Thanks,
Vibs
This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:57 ART