Have experience with Cisco VOIP?

Shadowspawn

[H]ard|Gawd
Joined
Sep 17, 2002
Messages
1,870
Task: I am assigned the task of enabling port security on the 250+ switches on my network (13,000 users). We are utilizing VOIP on this network with Cisco phones, Cisco switches and a Cisco call manager. I do not know much about the call manager, being a CCNA with around 3 years of experience.

Problem: If I use the switchport port-security mac-address sticky command, the ports that have VOIP phones max out the number of allowed MAC addresses - up to 15 (repeating the phones MAC over and over again).

Question: Do any of you have experience with this issue? I have been told that I need to statically assign the MAC addresses which is an insane idea, considering the number of users I have. I believe it is a configuration error in the call manager or on the phones themselves and am hoping somebody out there has seen this before. Google hasn't helped me.
 

Boscoh

[H]ard|Gawd
Joined
Nov 25, 2003
Messages
1,159
I've never seen that. Assuming there is only one PC plugged into the phone, you should just have to set the max MAC addresses on the port to 3, since IP Phones require two.

I'd suggest opening a TAC case as it sounds like a bug somewhere.
 

WesM63

2[H]4U
Joined
Aug 29, 2004
Messages
3,266
Yes, Tons of experience. However, i've never used that command. IIRC, my callmanager guy said at one time there is a setting in callmanager. I will check and get back.
 

WesM63

2[H]4U
Joined
Aug 29, 2004
Messages
3,266
Ok, the only thing I see in callmanager is the ability to disable the PC Port on the phone. Not sure if thats what your after, but you CAN disable the PC Port from callmanager if you do not want people plugging devices into the phone.

To me it sounds like you are trying to limit the # of devices behind the phone via mac filtering. I say open a TAC call.
 

Shadowspawn

[H]ard|Gawd
Joined
Sep 17, 2002
Messages
1,870
I've never seen that. Assuming there is only one PC plugged into the phone, you should just have to set the max MAC addresses on the port to 3, since IP Phones require two.

I've read that the phone requires two MAC's, but I am only seeing one on my network...so the ports that have a phone and a system have two MAC's. What's the third?

I'll take a snapshot of the port configurations and the result, maybe that will help. I may just have to take it to Cisco.


EDIT: Ok, because the phone is seen as a switch and a phone, it's MAC is repeated on both the VOIP VLAN and the access VLAN - but it's the same MAC for both, so setting the maximum to two should still work (one for PC, one for phone).

EDIT again: It's working. I cannot repeat the problem. I've set the port to sticky with a maximum of two. It's picked up two distinct MAC's - no more, no less. I don't know if this was an isolated incident (possibly a different model of phone) or if the members of my team that found the problem had a PIBKAC.

Thanks for trying to help guys.
 
Top