09-11-2012 05:54 PM
I am having a problem with port security and saving MAC addresses. Currently we run ICX6450's in a VOIP network. We want to prevent people from trying to plug in another computer to their port, but we don't want to disable the port, due to the fact that the phone won't work if it does. We opted to try to implement the restrict policy and it works as long as people do not unplug their phones. One of our techs found a workaround where if they unplug a phone and the computer, then when they plug a new computer in, the new computer works. The phones boot onto the data vlan and then reboot onto the voice vlan. Here is a sample of the current config we are running.
vlan 212 name DATA by port
router-interface ve 212
vlan 213 name VOICE by port
router-interface ve 213
interface ethernet 1/1/18
spanning-tree 802-1w admin-edge-port
inline power power-by-class 2
violation restrict 0
secure-mac-address 0010.491f.cb5d 212 (phone data)
secure-mac-address 0012.3f40.864e 212 (Computer data)
secure-mac-address 0010.491f.cb5d 213 (phone voice)
Thanks for any help in advance.
12-11-2012 01:41 PM
Have you tried to add the following:
Setting the port security age timer
By default, learned MAC addresses stay secure indefinitely. You can optionally configure the device
to age out secure MAC addresses after a specified amount of time.
To set the port security age timer to 10 minutes on all interfaces, enter the following commands.
To set the port security age timer to 10 minutes on a specific interface, enter the following
Brocade(config)#interface ethernet 7/11
Syntax: age <minutes>
The <minutes> variable specifies a range from 0 through 1440 minutes. The default is 0 (never age
out secure MAC addresses).
Even though you can set age time to specific ports independent of the device-level setting, the actual
age timer will take the greater of the two values. Thus, if you set the age timer to 3 minutes for the
port, and 10 minutes for the device, the port MAC aging happens in 10 minutes (the device-level
setting), which is greater than the port setting that you have configured.
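
The greater-of-two rule quoted above, worked through over a saved configuration. This is an added example, not part of either post or of the vendor documentation; the sample config is constructed, and the nested "port security" stanza layout and the function name effective_ages are assumptions (only "age <minutes>", "violation restrict" and "secure-mac-address" appear in the thread).

```python
import re

# Constructed sample config (assumed stanza layout, not taken from the thread).
SAMPLE_CONFIG = """\
port security
 age 10
!
interface ethernet 1/1/18
 port security
  age 3
  violation restrict
  secure-mac-address 0010.491f.cb5d 212
!
interface ethernet 1/1/19
 port security
  violation restrict
!
interface ethernet 1/1/20
 port security
  age 30
!
"""

AGE_RANGE = range(0, 1441)  # 0 through 1440 minutes; 0 = never age out

def effective_ages(config_text):
    """Map each port with a port security stanza to its port-level,
    device-level and effective age timer in minutes."""
    device_age, ports, port, in_psec = 0, {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "!":                      # end of stanza, back to global context
            port, in_psec = None, False
        elif (m := re.fullmatch(r"interface ethernet (\S+)", line)):
            port, in_psec = m.group(1), False
        elif line == "port security":
            in_psec = True
            if port is not None:
                ports.setdefault(port, 0)    # default: never age out
        elif in_psec and (m := re.fullmatch(r"age (\d+)", line)):
            minutes = int(m.group(1))
            if minutes not in AGE_RANGE:
                raise ValueError(f"age {minutes} is outside 0-1440")
            if port is None:
                device_age = minutes         # device-level setting
            else:
                ports[port] = minutes        # port-level setting
    # The actual timer is the greater of the port and device values.
    return {p: {"port": a, "device": device_age, "effective": max(a, device_age)}
            for p, a in ports.items()}

if __name__ == "__main__":
    for name, ages in effective_ages(SAMPLE_CONFIG).items():
        print(name, ages)
```

Port 1/1/18 in the sample reproduces the 3-minute port, 10-minute device case from the quoted text.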