Hi Oliver,
Hi Mailing List,
i have the same problem on a cisco 3750 stack that.
The removal of "switchport port-security maximum 1 vlan access" is
definitely a problem.
Do you have some fixes or idea how i can fix this problem?
My Cisco 3750 has version :WS-C3750-24P 12.2(25)SEB4
C3750-IPBASE-M
Without a fixes for this problem, i think it would be the best practice to
go back to link-up -link-down and mac-notifications.
We have in our network 1300 Nodes (PC, Printer) and 700 IP-Phones. Do you
think this would be a performance Proble?
Thanks, Andi
2010/6/16 Olivier Bilodeau <[email protected]>
> Hi Kurtis,
>
> First, thanks for your great documentation of your problem. This helps a
> lot and makes it pleasant to help! :)
>
> ...
> > mac address of Laptop(1) shows up in PF. No computername or dhcp time
> > information is present, just the mac and the switchport it is attached
> > to. (Phone1) still does not show up in PF. Somewhat good but the sudden
> > absence of data collected by PF is unsettling.
> >
>
> There are two ways to handle VoIP:
> - You auto-register them and manage them
> - The switch supports a VoiceVLAN and you let the port-security
> automatically allow MACs into the voice vlan
>
> The Cisco config you used (and we recommend) is method #2. By setting a
> maximum of 2 and a maximum on access VLAN of 1, the remaining 1 MAC is
> dynamic and gets assigned to the voice vlan. No trap is sent to PF so
> the phone won't show up in PF. Everything normal there.
>
> The no dhcp or computername information is unrelated but not normal.
> What have you done to make sure that PF gets the normal / registration
> DHCP? (IP-Helpers or vlan interface and pf.conf's type=dhcplistener...)
>
> >>
> >
> >
> >
> > <3
> >
> > Manually register Laptop(1) with PF
> >
> > 5d01h: %SYS-CLUSTER_MEMBER_2-5-CONFIG_I: Configured from X.X.X.X by snmp
> >
> > port config is now:
> >
> > interface FastEthernet0/24
> > switchport access vlan 121
> > switchport mode access
> > switchport voice vlan 200
> > switchport port-security
> > switchport port-security maximum 2
> > switchport port-security violation restrict
> > switchport port-security mac-address 00e0.9114.675e
> > spanning-tree portfast
> >
> > mac address of Laptop(1) shows up in PF. No computername or dhcp time
> > information is present, just the mac and the switchport it is attached
> > to. (Phone1) still does not show up in PF. The line that I added
> > “switchport port-security maximum 1 vlan access” is now gone from the
> > port config and the vlan has changed to 121, the mac detect vlan that
> > has no ip addresses associated
> >
>
> The removal of "switchport port-security maximum 1 vlan access" is
> definitely a problem.. It is not intentionally removed.
>
> I suspect an IOS issue since we have various setup that do work using
> Cisco (2960s) with VoIP and PacketFence. The line is not removed by our
> actions over SNMP.
>
> What version of PacketFence are you running?
> What IOS version?
> Can you test other IOSes?
> Are you using 3560's only?
>
> Keep us posted.
> --
> Olivier Bilodeau
> [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
>
> ------------------------------------------------------------------------------
> ThinkGeek and WIRED's GeekDad team up for the Ultimate
> GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
> lucky parental unit. See the prize list and enter to win:
> http://p.sf.net/sfu/thinkgeek-promo
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
------------------------------------------------------------------------------
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share
of $1 Million in cash or HP Products. Visit us here for more details:
http://p.sf.net/sfu/dev2dev-palm
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
