question about voice vlan

as to i know , static secure or sticky secure MAC address were configured by this command : port-security, and port-security was a per-port basis command, not a per-vlan basis command. then how can i understand the following clause copied from Voice VLAN Configuration Guidelines of cisco :

You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.

here is the URL:
Catalyst 2940 Switch Software Configuration Guide, 12.1(22)EA7 - Configuring Voice VLAN [Cisco Catalyst 2940 Series Switches] - Cisco Systems

Find more posts tagged with

Comments

/usr

What exactly are you asking?

I believe that statement means you cannot configure sticky MAC's on a port that is a member of a voice VLAN, not that you can't configure sticky MAC's on the VLAN as a whole.

szokp

/usr wrote: »

What exactly are you asking?

I believe that statement means you cannot configure sticky MAC's on a port that is a member of a voice VLAN, not that you can't configure sticky MAC's on the VLAN as a whole.

errrrr, sorry for my poor english.....

let me ask like this : can i enable port-security on a switch port that had already configured with voice vlan ?

ipSpace

The answer is in the link you posted:
"When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two plus the maximum number of secure addresses allowed on the access VLAN. When the port is connected to a Cisco IP phone, the IP phone requires up to two MAC addresses. The address of the IP phone is learned on the voice VLAN, and it might or might not be learned on the access VLAN. Connecting a PC to the IP phone requires additional MAC addresses."

Bottom answer, yes you can.

Have a great day!

szokp

inSecure.ro wrote: »

The answer is in the link you posted:
"When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two plus the maximum number of secure addresses allowed on the access VLAN. When the port is connected to a Cisco IP phone, the IP phone requires up to two MAC addresses. The address of the IP phone is learned on the voice VLAN, and it might or might not be learned on the access VLAN. Connecting a PC to the IP phone requires additional MAC addresses."

Bottom answer, yes you can.

Have a great day!

thank for your reply !

however, how come this :

You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.

does it means that i can configure port-security with neither static nor sticky secure MAC addresses?

pitviper

szokp wrote: »

thank for your reply !

however, how come this :

You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.

does it means that i can configure port-security with neither static nor sticky secure MAC addresses?

You CAN do both, though the book does say no sticky on a port w/Voice VLAN (might be dependant on the switch model - Works fine on 3560/3750):

interface FastEthernet0/15
switchport access vlan 10
switchport mode access
switchport voice vlan 20
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address 0000.1111.2222 vlan access
switchport port-security mac-address sticky 0027.033c.f57a vlan voice
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AutoQoS-Police-CiscoPhone