Hi Regis,
you've right. After a update to IOS version 12.2.53 it works.
Kind Regards
Andreas
2010/7/29 Regis Balzard <[email protected]>
> Hi Guys,
>
> I've just done a PF deployment on Cisco switches with VoIP and
> port-security and
> there are issues/bugs with IOS when you have this kind of setup.
>
> Try to upgrade the IOS to a most recent (> 12.2(50)xxx) and test again.
> I'm almost convinced that the line will not disappear anymore. How come a
> config
> line could be removed when you unplug a device ?!?!
> This has to be a bug.
>
> Keep us posted.
>
> Regards.
>
> Regis Balzard
> [email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
>
> Andreas Gröschl a écrit :
> > Hi Oliver,
> > Hi Mailing List,
> >
> > i have the same problem on a cisco 3750 stack that.
> >
> > The removal of "switchport port-security maximum 1 vlan access" is
> > definitely a problem.
> >
> > Do you have some fixes or idea how i can fix this problem?
> >
> > My Cisco 3750 has version :WS-C3750-24P 12.2(25)SEB4
> > C3750-IPBASE-M
> >
> >
> > Without a fixes for this problem, i think it would be the best practice
> > to go back to link-up -link-down and mac-notifications.
> >
> > We have in our network 1300 Nodes (PC, Printer) and 700 IP-Phones. Do
> > you think this would be a performance Proble?
> >
> > Thanks, Andi
> >
> >
> > 2010/6/16 Olivier Bilodeau <[email protected]
> > <mailto:[email protected]>>
> >
> > Hi Kurtis,
> >
> > First, thanks for your great documentation of your problem. This
> helps a
> > lot and makes it pleasant to help! :)
> >
> > ...
> > > mac address of Laptop(1) shows up in PF. No computername or dhcp
> time
> > > information is present, just the mac and the switchport it is
> > attached
> > > to. (Phone1) still does not show up in PF. Somewhat good but the
> > sudden
> > > absence of data collected by PF is unsettling.
> > >
> >
> > There are two ways to handle VoIP:
> > - You auto-register them and manage them
> > - The switch supports a VoiceVLAN and you let the port-security
> > automatically allow MACs into the voice vlan
> >
> > The Cisco config you used (and we recommend) is method #2. By setting
> a
> > maximum of 2 and a maximum on access VLAN of 1, the remaining 1 MAC
> is
> > dynamic and gets assigned to the voice vlan. No trap is sent to PF so
> > the phone won't show up in PF. Everything normal there.
> >
> > The no dhcp or computername information is unrelated but not normal.
> > What have you done to make sure that PF gets the normal /
> registration
> > DHCP? (IP-Helpers or vlan interface and pf.conf's
> type=dhcplistener...)
> >
> > >>
> > >
> > >
> > >
> > > <3
> > >
> > > Manually register Laptop(1) with PF
> > >
> > > 5d01h: %SYS-CLUSTER_MEMBER_2-5-CONFIG_I: Configured from X.X.X.X
> > by snmp
> > >
> > > port config is now:
> > >
> > > interface FastEthernet0/24
> > > switchport access vlan 121
> > > switchport mode access
> > > switchport voice vlan 200
> > > switchport port-security
> > > switchport port-security maximum 2
> > > switchport port-security violation restrict
> > > switchport port-security mac-address 00e0.9114.675e
> > > spanning-tree portfast
> > >
> > > mac address of Laptop(1) shows up in PF. No computername or dhcp
> time
> > > information is present, just the mac and the switchport it is
> > attached
> > > to. (Phone1) still does not show up in PF. The line that I added
> > > “switchport port-security maximum 1 vlan access” is now gone from
> the
> > > port config and the vlan has changed to 121, the mac detect vlan
> that
> > > has no ip addresses associated
> > >
> >
> > The removal of "switchport port-security maximum 1 vlan access" is
> > definitely a problem.. It is not intentionally removed.
> >
> > I suspect an IOS issue since we have various setup that do work using
> > Cisco (2960s) with VoIP and PacketFence. The line is not removed by
> our
> > actions over SNMP.
> >
> > What version of PacketFence are you running?
> > What IOS version?
> > Can you test other IOSes?
> > Are you using 3560's only?
> >
> > Keep us posted.
> > --
> > Olivier Bilodeau
> > [email protected] <mailto:[email protected]> ::
> > +1.514.447.4918 *115 :: www.inverse.ca <http://www.inverse.ca>
> > Inverse inc. :: Leaders behind SOGo (www.sogo.nu
> > <http://www.sogo.nu>) and PacketFence
> > (www.packetfence.org <http://www.packetfence.org>)
> >
> >
> ------------------------------------------------------------------------------
> > ThinkGeek and WIRED's GeekDad team up for the Ultimate
> > GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
> > lucky parental unit. See the prize list and enter to win:
> > http://p.sf.net/sfu/thinkgeek-promo
> > _______________________________________________
> > Packetfence-users mailing list
> > [email protected]
> > <mailto:[email protected]>
> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> >
> ------------------------------------------------------------------------------
> > The Palm PDK Hot Apps Program offers developers who use the
> > Plug-In Development Kit to bring their C/C++ apps to Palm for a share
> > of $1 Million in cash or HP Products. Visit us here for more details:
> > http://p.sf.net/sfu/dev2dev-palm
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Packetfence-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> ------------------------------------------------------------------------------
> The Palm PDK Hot Apps Program offers developers who use the
> Plug-In Development Kit to bring their C/C++ apps to Palm for a share
> of $1 Million in cash or HP Products. Visit us here for more details:
> http://p.sf.net/sfu/dev2dev-palm
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
------------------------------------------------------------------------------
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share
of $1 Million in cash or HP Products. Visit us here for more details:
http://p.sf.net/sfu/dev2dev-palm
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
