Wired Intelligent Edge

I have a few ports with a phone + computer connected.  These ports have port security enabled, with a mac limit of 2, and sticky MAC.  I've noticed that the computer MAC is stickied, but the phone is not.  The sticky database shows only the computer and, the MACs learned on the port indicate the computer is stickied:

#show mac-address-table interface gigabitethernet 1/0/17

Total MAC address: 2
Learnt: 0, Static: 0, Auth: 0, Phone: 1, Sticky: 1 Blacklisted: 0

MAC Address Table
-----------------
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- ----------------
xx:xx:xx:xx:xx:xx         Phone  xxx    GE1/0/17
xx:xx:xx:xx:xx:xx         Sticky xxx    GE1/0/17

Is this normal?  My concern is that someone could plug in an unmanaged switch and connect  two computers since the phone isn't stickied.

Trusted.

Hm. I assume the phone is in a voice vlan separate from the client device? I wonder if its not being stickied because it is technically in a different VLAN and sticky is determined at the VLAN level, not port.

Thecompnerd,

I suspect you are using "voip-mode auto-discover". Is that correct? If so, there is currently an issue with Sticky MAC and auto-discover that we are working to resolve. Auto-Discover only needs to be enabled if you are using CDP only phones. If you are using LLDP-MED phones, do not enable this knob and sticky-MAC will work as expected.

Best regards,

Madani

*** Corrected my poor grammer... typed too quickly this morning.

Yes, auto-discover is enabled on the voip profile.  They're LLDP, so if I disable this feature will that resolve the issue?

Tim,

Yes, different VLANs.  I'd expect sticky to MAC to work at the port level just like it does on a Cisco switch.

Yes, change the voip-mode to "voip-mode static" and it should work.

Best regards,

Madani

Thanks Madani!