Campus Switching and Routing

MVP
Posts: 1,111
Registered: ‎10-11-2011

MAS: Sticky MAC - Phone Isn't Stickied


I have a few ports with a phone + computer connected. These ports have port security enabled, with a MAC limit of 2, and sticky MAC. I've noticed that the computer MAC is stickied, but the phone is not. The sticky database shows only the computer, and the MACs learned on the port indicate the computer is stickied:

#show mac-address-table interface gigabitethernet 1/0/17

Total MAC address: 2
Learnt: 0, Static: 0, Auth: 0, Phone: 1, Sticky: 1 Blacklisted: 0

MAC Address Table
-----------------
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- ----------------
xx:xx:xx:xx:xx:xx         Phone  xxx    GE1/0/17
xx:xx:xx:xx:xx:xx         Sticky xxx    GE1/0/17

Is this normal? My concern is that someone could plug in an unmanaged switch and connect two computers since the phone isn't stickied.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: MAS: Sticky MAC - Phone Isn't Stickied

Is this a trusted or untrusted interface?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 1,111
Registered: ‎10-11-2011

Re: MAS: Sticky MAC - Phone Isn't Stickied

Trusted.

Aruba
Posts: 429
Registered: ‎05-30-2012

Re: MAS: Sticky MAC - Phone Isn't Stickied


Thecompnerd,

I suspect you are using "voip-mode auto-discover". Is that correct? If so, there is currently an issue with Sticky MAC and auto-discover that we are working to resolve. Auto-Discover only needs to be enabled if you are using CDP-only phones. If you are using LLDP-MED phones, do not enable this knob and sticky-MAC will work as expected.

Best regards,

Madani

*** Corrected my poor grammar... typed too quickly this morning.

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: MAS: Sticky MAC - Phone Isn't Stickied

Hm. I assume the phone is in a voice VLAN separate from the client device? I wonder if it's not being stickied because it is technically in a different VLAN and sticky is determined at the VLAN level, not port.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 1,111
Registered: ‎10-11-2011

Re: MAS: Sticky MAC - Phone Isn't Stickied

Yes, auto-discover is enabled on the voip profile. They're LLDP, so if I disable this feature, will that resolve the issue?

MVP
Posts: 1,111
Registered: ‎10-11-2011

Re: MAS: Sticky MAC - Phone Isn't Stickied


Tim,

Yes, different VLANs. I'd expect sticky MAC to work at the port level just like it does on a Cisco switch.

Aruba
Posts: 429
Registered: ‎05-30-2012

Re: MAS: Sticky MAC - Phone Isn't Stickied

Yes, change the voip-mode to "voip-mode static" and it should work.

Best regards,

Madani
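
An added example, not part of the thread and not Aruba's code: a Python check that parses `show mac-address-table interface` output in the format shown in the first post and lists the MACs on each port that are not pinned, which is one way to confirm the phone is stickied after the voip-mode change. The sample output is constructed (MACs and VLAN IDs are made up), the function names are hypothetical, and treating `Static` as pinned alongside `Sticky` is an assumption.

```python
import re

# Constructed sample in the format from the first post; MACs and VLAN IDs are made up.
SAMPLE = """\
Total MAC address: 2
Learnt: 0, Static: 0, Auth: 0, Phone: 1, Sticky: 1 Blacklisted: 0

MAC Address Table
-----------------
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- ----------------
00:11:22:33:44:55         Phone  200    GE1/0/17
66:77:88:99:aa:bb         Sticky 100    GE1/0/17
"""

# Assumption: only these address types count as pinned to the port.
PINNED = {"Sticky", "Static"}
ROW = re.compile(r"^\s*((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
COUNTER = re.compile(r"(\w+):\s*(\d+)")

def parse(output):
    """Return (summary counters, table rows) parsed from the CLI output."""
    counters, rows = {}, []
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            rows.append(dict(zip(("mac", "type", "vlan", "port"), m.groups())))
        elif line.lstrip().startswith("Learnt:"):
            counters = {k: int(v) for k, v in COUNTER.findall(line)}
    return counters, rows

def unpinned_by_port(output):
    """Map each port to the (mac, type, vlan) entries that are not pinned."""
    counters, rows = parse(output)
    # Sanity check: the summary line and the table must agree on sticky entries.
    sticky_rows = sum(1 for r in rows if r["type"] == "Sticky")
    if counters and counters.get("Sticky", 0) != sticky_rows:
        raise ValueError("summary counters disagree with table rows")
    findings = {}
    for r in rows:
        if r["type"] not in PINNED:
            findings.setdefault(r["port"], []).append((r["mac"], r["type"], r["vlan"]))
    return findings

if __name__ == "__main__":
    for port, entries in unpinned_by_port(SAMPLE).items():
        for mac, kind, vlan in entries:
            print(f"{port}: {mac} ({kind}, VLAN {vlan}) is not sticky")
```

An empty result for a port means every learned MAC on it is pinned, so the port's MAC limit leaves no slot for an additional device.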

MVP
Posts: 1,111
Registered: ‎10-11-2011

Re: MAS: Sticky MAC - Phone Isn't Stickied

Thanks Madani!
