Great thanks Peter. From my reading that definitely looks like the right command, "switchport voice detect cisco-phone". This appears to protect the voice vlan, but allows a PC or other device on access vlan. Appears if a device wants to communicate on the voice vlan is has to have drawn PoE from the switch, speak CDP and be full-duplex.
If any of these requirements are not met then the port is error disabled. Here is what I did for testing (right now only have remote access to a vrack) **Testing Full duplex** Port 1/0/2 is setup as a typical 3750 port with a 7960 cisco phone. Confirmed inline power is drawn. 1. Power is Up/Up. Shows up in CDP neighbor. 2. Added switchport voice detect cisco-phone, port Up/Up. Shut/no shut. Went back to Up/Up. 3. Forced port to half duplex and status = errdisable. 4. Set to duplex full, shut / no shut, back to UP/UP. **Testing PoE** Port 1/0/23 is setup with 7962 but either a l2vpn or power brick, inline power = 0. 1. Port is Up/Up. Shows up in CDP neighbor, 0 power drawn from switch. 2. Added switchport voice detect cisco-phone immediately into errdisable. 3. Removed command, shut/no shut and back up. I don't have a good way to test CDP errdisable portion within the vrack. I did try disabling cdp causing the phone to reside in the access vlan, than making both voice and access the same but that didnt work. Otherwise I could do LLDP but the only PoE connected phone in IPX 3750 is a 7960 which doesn't support it. Thanks for the right direction Peter. I saw error disabled and assumed switchport security. Overall due to the requirement of inline power I doubt we will see this in the lab, but fun testing and I think a great command I will add to my POE/CDP switch deployment template. Chris On Fri, Dec 9, 2011 at 7:51 AM, Peter Simmons <pe...@grayrigg.com> wrote: > Chris, > > Looks to me like you need the "switchport voice detect" command here. > > Regards > > Peter > > > On 09/12/2011 07:57, datucha123 datucha123 wrote: > >> Can you please update the solution to this question, when you will get >> it to work >> >> On Thu, Dec 8, 2011 at 7:50 PM, Chris Martin <clm.c...@gmail.com >> <mailto:clm.c...@gmail.com>> wrote: >> >> So I am working on the new 5-lab pack from IPX, in lab 4 step 1.2 >> you are asked to cause a port on the 3750 to go into error disable >> status if a non cisco phone is connected. Unfortunately the DSG is >> not available yet for this lab. Here is what I have thought but the >> problem with this solution is it will error disable if even a PC is >> connected behind the Cisco phone... Step 1.1 says assume each phone >> has a phantom computer connected. >> >> interface FastEthernet1/0/23 >> description HQ PHONE 2- 7962 phone >> switchport access vlan 101 >> switchport mode access >> switchport voice vlan 102 >> switchport port-security maximum 2 >> switchport port-security maximum 1 vlan access >> switchport port-security maximum 1 vlan voice >> switchport port-security >> switchport port-security mac-address aabb.ccdd.eeff >> >> -- >> >> SiteA-Switch#show port-se >> Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security >> Action >> (Count) (Count) (Count) >> ------------------------------**------------------------------** >> --------------- >> Fa1/0/2 2 2 0 >> Shutdown >> ------------------------------**------------------------------** >> --------------- >> Total Addresses in System (excluding one mac per port) : 1 >> Max Addresses limit in System (excluding one mac per port) : 6144 >> >> -- >> >> So I enabled port-security, set the max mac address to 2 total for >> the port and 1 for each vlan. I then statically assigned 1 mac to >> the access vlan, causing anything trying to connect to the access >> vlan to through the port into error disable. >> >> Any other thoughts? >> >> Chris >> >> ______________________________**_________________ >> For more information regarding industry leading CCIE Lab training, >> please visit www.ipexpert.com <http://www.ipexpert.com/> >> >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> <http://www.platinumplacement.**com/<http://www.platinumplacement.com/> >> > >> >> >> >> >> >> ______________________________**_________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> > > ______________________________**_________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
