Hi Thomas, As stated in the 6500 module documentation, we did not test it using VoIP.
=head1 STATUS Supports port-security. VoIP not tested. ... Can you try setting a mac address on the voice vlan as well : switchport port-security maximum 1 vlan voice switchport port-security mac-address 0200.010x.xxxx vlan voice This is something we can look at if you want to sponsor the development. On 12-03-14 1:09 AM, Thomas Tsai wrote: > I'm currently setting up Packetfence v3.2 in conjunction with a Cisco 6509 > running 12.2(33)SXI7. Two issues so far that I've run into. > > 1) Although the v3.2 admin guide (and network config guide) states that the > correct switchport config on a 6500 should look something like: > > switchport access vlan xxx > switchport mode access > switchport voice vlan xxx > switchport port-security maximum 2 > switchport port-security maximum 1 vlan access > switchport port-security > switchport port-security violation restrict > switchport port-security mac-address 0200.0001.0096 > spanning-tree portfast > > . the "switchport port-security maximum 1 vlan access" command is not > supported on the 6509. In fact, from an open Cisco support case, as well as > Cisco documentation online, the only time that "vlan access" would work is if > the switch port is configured as a trunk port. That can easily be done by > me, however, it seems like there is no other posting that would make me > believe this would work for packetfence. Any suggestions? > > 2) Secondly, when I ignore this issue and simply set the maximum to 1 without > the "vlan access" line (assuming that, I'll only have a phone connected into > a switchport), I can connect a computer device and things seem to work > appropriately, however if I connect a VOIP device, such as a Cisco 7975 IP > Phone, I get the following error in the packetfence.log: > > Mar 13 21:46:52 pfsetvlan(19) WARN: SNMP error tyring to remove or add secure > rows to ifIndex 96 in port-security table. This could be normal. Error > message: Received inconsistentValue(12) error-status at error-index 1 > (pf::SNMP::Cisco::Catalyst_6500::authorizeMAC) > > And nothing seems to happen, which makes me think this isn't going to work. > Looking at past articles, I only see one other instance of this happening to > a person using a 2960, which needed to just upgrade his IOS version to a > newer one. > > I am totally opened to upgrading to v15 IOS, or another train altogether, as > long as I know what to upgrade to. Does anyone have any suggestions or any > experience getting packetfence to work correctly with a Cisco Catalyst 6500 > series switch? > > > > > ********************************************** > Email Disclaimer: > > This email, including attachments, may contain > proprietary, confidential or privileged information. If you > are not the intended recipient, please (i) do not use, > disclose, save or retransmit this message or any > attachments, (ii) alert the sender by reply email and (iii) > destroy or delete this message and any attachments. > Delivery of this email to a person other than the intended > recipient(s) shall not constitute a waiver of privilege or > confidentiality. > > CP Investments, member FINRA and SIPC, serves as > placement agent for investment products advised by > Canyon Capital Advisors LLC. This email is not intended to > be an offer to sell or a solicitation of an offer to buy any > security in any jurisdiction. We review and retain > electronic communications traveling through our network. > > ********************************************** > > ------------------------------------------------------------------------------ > Virtualization& Cloud Management Using Capacity Planning > Cloud computing makes use of virtualization - but cloud computing > also focuses on allowing computing to be delivered as a service. > http://www.accelacomm.com/jaw/sfnl/114/51521223/ > _______________________________________________ > Packetfence-users mailing list > Packetfence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- Francois Gaudreault, ing. jr fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Packetfence-users mailing list Packetfence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
