Nortel (Avaya) Phones and Cisco switch port security issues

Discussion in 'Networks' started by millsie, Feb 25, 2015.

  1. millsie

    millsie Byte Poster

    Hi all,

    Technical help needed!
    My organisation has a number of Nortel IP phones that we have hooked up to a Cisco 3750 switch.
    We are running PCs through the phone PC ports. The phones work fine, connecting OK to the DHCP server, and work fine on the network.
    However, when connecting PCs to different positions on these phones we are getting a port security violation error and the PCs are unable to work on the network.
    What we are seeing is that, with port security on and a maximum of 3 MAC addresses allowed, when you plug more than 3 different PCs into the phone, the port locks out and the MAC addresses are not cleared from that interface on the switch.

    The security config we have on the interface is:
    switchport port-security
    switchport port-security maximum 3
    switchport port-security maximum 1 vlan voice
    switchport port-security maximum 1 vlan access
    switchport port-security violation restrict

    When you disconnect the phone from the switch the MAC addresses are clearing, but only if you disconnect; otherwise they build up and up until you have 100s of violations on the same MAC address.

    This makes it difficult when doing office moves etc.

    We have tried troubleshooting the phones but all the settings seem normal.

    Has anyone come across this issue with Avaya phones vs Cisco switches before, or any other make of phone?

    Many thanks

    Millsie
     
    Certifications: N+, CCNA, MCDST
    WIP: CCNP route 642-902
  2. Sparky

    Sparky Zettabyte Poster Moderator


    Sorry if I’m missing something here, but how are you patching three PCs into the phone? Usually one PC and phone only when I’ve set up this kinda thing before.

    Unmanaged switch?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  3. JK2447

    JK2447 Petabyte Poster Administrator Premium Member

    I was thinking that, Sparky. Is this just a limitation? Although I suppose if it has the ports it's supposed to work. But the same, only ever seen 1 PC passing through 1 phone.
     
    Certifications: VCP4, 5, 6, 6.5, 6.7, 7, 8, VCAP DCV Design, VMConAWS Skill, Google Cloud Digital Leader, BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, CCA (XenApp6.5), MCSA 2012, VSP, VTSP
    WIP: Google Cloud Certs
  4. millsie

    millsie Byte Poster

    Sorry guys, maybe not being clear enough.
    The initial problem I had was when I was testing the data links through the phone turrets with my laptop, going to each phone to test. After I tried the first phone it worked fine, but when I moved to others I couldn't get a data connection.

    Only 1 PC per phone.
    What we found was the reason this was happening is that, although restrict is set to absolute (0), the MAC address of my laptop was getting stuck (without sticky command) on each interface, so as I was moving around it was incrementing my MAC address and firing the violation.

    I should be able to move around each phone and get a link as the switch should remove my MAC address after disconnecting.

    Which is why it's causing issues with desk/PC moves etc.

    We test this by having one phone connected to a switch, plugging three different laptops in one after the other, then doing a 'show mac address-table interface', and you can see that although the other laptops are disconnected, the MAC addresses are stuck there unless you disconnect the phone turret from the switch.
    It's as if the phone is causing the switch to stick the addresses when they should be removed from the CAM table straight away.

    Hope that makes sense?

    M
     
    Certifications: N+, CCNA, MCDST
    WIP: CCNP route 642-902
  5. Sparky

    Sparky Zettabyte Poster Moderator

    Get you now mate. Are there any settings on the phone that control the PC connection? I’m guessing that the phone is happily telling the switch that the laptop is still connected to the phone and therefore the MAC address is on the switch on that particular interface.

    Out of interest does the MAC address of the laptop ever clear from the switch if you don’t disconnect the phone?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
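
The behaviour millsie describes in the thread, as an added example that is not part of any post: a simplified Python model of secure-address handling on two switch ports, showing that a laptop's address stays on the first port while the phone keeps the switch link up, and is released by a link-down or by inactivity aging. The class names, port names and MAC address are constructed, only the data VLAN is modelled, and the aging parameter stands in for IOS `switchport port-security aging time` with `switchport port-security aging type inactivity`.

```python
# Added example: simplified model of port-security secure-address handling.
# Class and function names are hypothetical; only the data VLAN is modelled.

class SecurePort:
    def __init__(self, maximum=1, aging_min=0):
        self.maximum = maximum      # like 'maximum 1 vlan access'
        self.aging_min = aging_min  # 0 = aging disabled (no aging configured)
        self.secure = {}            # MAC -> minute it was last seen
        self.violations = 0         # counter incremented in restrict mode

class Switch:
    def __init__(self, names, aging_min=0):
        self.ports = {n: SecurePort(1, aging_min) for n in names}

    def _expire(self, now):
        # Inactivity aging: forget addresses idle for aging_min minutes or more.
        for p in self.ports.values():
            if p.aging_min:
                p.secure = {m: t for m, t in p.secure.items()
                            if now - t < p.aging_min}

    def link_down(self, name):
        # Dynamic secure addresses are cleared when the switch port loses link.
        self.ports[name].secure.clear()

    def frame(self, name, mac, now):
        """Return True if forwarded, False if dropped as a violation."""
        self._expire(now)
        port = self.ports[name]
        if mac in port.secure:
            port.secure[mac] = now
            return True
        held_elsewhere = any(mac in p.secure
                             for p in self.ports.values() if p is not port)
        if held_elsewhere or len(port.secure) >= port.maximum:
            port.violations += 1
            return False
        port.secure[mac] = now
        return True

def walk_test(aging_min, unplug_phone=False):
    """Move one laptop from the phone on Gi1/0/1 to the phone on Gi1/0/2."""
    sw = Switch(["Gi1/0/1", "Gi1/0/2"], aging_min)
    laptop = "00:00:5e:00:53:01"          # constructed MAC address
    first = sw.frame("Gi1/0/1", laptop, now=0)
    if unplug_phone:                       # only this drops the switch link
        sw.link_down("Gi1/0/1")
    second = sw.frame("Gi1/0/2", laptop, now=5)
    return first, second, sw.ports["Gi1/0/2"].violations
```

`walk_test(0)` reproduces the lock-out on the second phone; `walk_test(0, unplug_phone=True)` and `walk_test(2)` both let the laptop through.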
