You have to change the maximum from 2 to 3, and it is better to use the
setting shown in the following NSA doc (pg 2), by restricting voice and data
VLANs granularly
http://www.nsa.gov/ia/_files/factsheets/Factsheet-Cisco%20Port%20Security.pdf
Regards
Farrukh
On Thu, Jul 21, 2011 at 1:23 PM, Rob Clav <robclav_at_gmail.com> wrote:
> Hi Rob,
> You are missing you are configuring this feature at Voice vlan. So a new
> rules are played here.
> Please note, this is the expected behaviour.
> HTH,
> Robclav
>
>
>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/25sg/configura
> tion/guide/port_sec.pdf
>
> When you enable port security on an interface that is also configured with
> a voice VLAN, you must set the maximum allowed secure addresses on the port
> to two plus the maximum number of secure addresses allowed on the access
> VLAN. When the port is connected to a Cisco IP phone, the IP phone requires
> up to two MAC addresses. The IP phone address is learned on the voice VLAN
> and might also be learned on the access VLAN. Connecting a PC to the IP
> phone requires additional MAC addresses.
>
> 2011/7/21 me you <anunda19_at_gmail.com>
>
> > I am setting up port security for one computer on a port. Simple. But I
> am
> > having problems with the only port that has both a VIOP and computer. The
> > MAC address on the phone is showing on both VLAN. I have included all the
> > info. I am just overlooking something stupid. What is it?
> >
> > Thanks
> > Rob
> >
> >
> > sh mac add | i 0/19
> > 2 0030.94c2.92b0 DYNAMIC Fa0/19
> > 2 bcae.c52f.f4c5 DYNAMIC Fa0/19
> > 3 0030.94c2.92b0 DYNAMIC Fa0/19
> >
> >
> >
> > interface FastEthernet0/19
> > description Pete
> > switchport access vlan 2
> > switchport mode access
> > switchport voice vlan 3
> > switchport port-security
> > switchport port-security maximum 2
> > switchport port-security violation restrict
> > switchport port-security mac-address 0030.94c2.92b0
> > switchport port-security mac-address bcae.c52f.f4c5
> > load-interval 30
> > speed 100
> > duplex full
> > spanning-tree portfast
> >
> > Error
> > Jul 21 09:55:46.289: %PORT_SECURITY-2-PSECURE_VIOLATION: Security
> violation
> > occurred, caused by MAC address 0030.94c2.92b0 on port FastEthernet0/19.
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> Robert Clavero
> CCIE RS/wr, CCNP, CCSP, CCSE NGX, SCSA 9, WLFES, BNP y JNCIA WX
> blog:http://robclavbcn.blogspot.com
>
> web:http://www.kubsolutions.com
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Thu Jul 21 2011 - 13:38:00 ART
This archive was generated by hypermail 2.2.0 : Mon Aug 01 2011 - 06:30:06 ART