Ethernet Switching
Highlighted
Ethernet Switching

Switch is learning IP Phone MAC on both voice and default vlan

‎05-21-2014 01:02 AM

 

I have configured a port as part of VOICE VLAN using the below command

 

set ethernet-switching-options voip interface ge-0/0/15.0 vlan VOICE
set ethernet-switching-options voip interface ge-0/0/15.0 forwarding-class expedited-forwarding

 

The port is now part of both voice vlan and default data vlan.

 

Now my switch is learning  the same MAC (IP Phone's) twice in default and VOICE vlan

 

 #run show ethernet-switching table | match 0/0/15

 

 default           20:bb:c0:dd:6d:7a Learn          0 ge-0/0/15.0
  VOICE          20:bb:c0:dd:6d:7a Learn        0 ge-0/0/15.0 

 

How do I limit it to just one mac for IP Phone and two mac in case I connect  a PC to my IP Phone.

 

PS: I also need to apply qos(expedited forwarding) for voice traffic.

14 REPLIES 14
Highlighted
Ethernet Switching

Re: Switch is learning IP Phone MAC on both voice and default vlan

‎05-21-2014 03:00 AM

Wouldn't this help you?

 

set ethernet-switching-options secure-access-port interface ge-0/0/15.0 mac-limit 2
set ethernet-switching-options secure-access-port interface ge-0/0/15.0 mac-limit action drop

 

 

=====

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Highlighted
Ethernet Switching

Re: Switch is learning IP Phone MAC on both voice and default vlan

[ Edited ]
‎05-21-2014 07:17 AM
It continuously generates log messages if I limit my mac. I have already tried that.

(set ethernet-switching-options secure-access-port interface ge-0/0/15.0 mac-limit 1)

 

May  21 19:04:15  ASW eswd[5887]: ESWD_MAC_LIMIT_DROP: MAC limit (1) exceeded at ge-0/0/15.0: dropping the packet from src 20:bb:c0:dd:6d:e8

 

 

 

Highlighted
Ethernet Switching

Re: Switch is learning IP Phone MAC on both voice and default vlan

‎05-21-2014 07:21 AM

Do you have both PC/phone attached to ge-0/0/15?

 

Seems that two MACs are learned over ge-0/0/15 and you are allowing only 1.

 

 

=====

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Highlighted
Ethernet Switching

Re: Switch is learning IP Phone MAC on both voice and default vlan

‎05-22-2014 12:39 AM
I have just one device (IP Phone) connected to ge-0/0/15. The switch is learning the IP Phone's mac twice. Once in default vlan and again in voice vlan.
Highlighted
Ethernet Switching

Re: Switch is learning IP Phone MAC on both voice and default vlan

‎05-26-2014 05:00 AM

OK, I tested this in the lab and see the same thing with a MAC limit of 2:

 

 

{master:0}[edit]
us@ex4200#

{master:0}[edit]
us@ex4200# May 26 14:48:00  

ex4200 eswd[1304]: ESWD_MAC_LIMIT_EXCEEDED: MAC limit (2) exceeded at ge-0/0/47.0


{master:0}[edit]
us@ex4200#

{master:0}[edit]
us@ex4200# run show ethernet-switching table interface ge-0/0/47

Ethernet-switching table: 3 unicast entries

  VLAN              MAC address       Type         Age Interfaces

  data              *                 Flood          - All-members

  data              00:04:f2:47:12:98 Learn          0 ge-0/0/47.0

  data              c8:2a:14:41:34:d4 Learn          0 ge-0/0/47.0

  voice             *                 Flood          - All-members

  voice             00:04:f2:47:12:98 Learn          0 ge-0/0/47.0

{master:0}[edit]
us@ex4200# run show ethernet-switching table summary

    Total                               : 42

    L3 recieve route entries            : 2

    Dynamic entries                     : 34

    Flood entries                       : 6

{master:0}[edit]
us@ex4200# run show ethernet-switching table | match "Learn " | count

Count: 34 lines

{master:0}[edit]
us@ex4200#

 

Unfortunately I don't see any method of having exactly only two MACs allowed.

 

You might need to increase the limit to 3.

Highlighted
Ethernet Switching

Re: Switch is learning IP Phone MAC on both voice and default vlan

‎06-10-2014 06:45 AM

 

Which IP phone did you use.

 

In one of the IP phones which I used I am learning only one mac in voice VLAN.

 

For a different model IP phone I am learning the same mac twice once in voice vlan and again in data vlan.

 

Both were different models but from the same manufacturer.

 

Anyways I am limiting my MAC to three. If you come across some solution do let me know.

 

Thanks

Highlighted
Ethernet Switching

Re: Switch is learning IP Phone MAC on both voice and default vlan

‎04-25-2016 02:36 PM

Hello:

 

Im facing the same issue, do you have a solution for this issue?

Highlighted
Ethernet Switching

Re: Switch is learning IP Phone MAC on both voice and default vlan

‎09-28-2018 07:31 AM

Did anyone ever find an answer to this?  I am facing the same issue with my newly deployed EX3400 switches.  My Cisco Voip phones are listed twice in the switching table.  The switch table has an entry for the phone in both the Data vlan assigned to the port and the voice vlan assigned to the port.

Highlighted
Ethernet Switching

Re: Switch is learning IP Phone MAC on both voice and default vlan

‎09-28-2018 07:42 AM

Is the port configured for type = VOIP or = Access?  I would guess VOIP.  Can I also assume you only want the MAC to be learned in Voice VLAN, yes?

 

With port/interface set to VOIP, it is expecting the Voice traffic to be tagged, I believe.  Based upon what you are stating, some traffic must be being sent from the phone as untagged - the only way for Default VLAN to learn the MAC.

 

Why this is happening I have no idea, but if you want a simple easy way to cosmetically get rid of this, I would suggest you set MAC aging timer on Default VLAN to very small value, like 30 seconds or less, and see if this helps you.

 

From what I have read in this thread, I believe EX switch is working as designed, by my best guess.

 

Good luck.

Highlighted
Ethernet Switching

Re: Switch is learning IP Phone MAC on both voice and default vlan

‎09-28-2018 09:29 AM

Hi,

When the VOIP  Phone boots up, it initially doesn't know its VLAN and hence sends untagged traffic. When the Switch receives untagged traffic, it maps the mac address of the VOIP phone. The VOIP Phone even gets the IP of DATA VLAN after this, it reaches out to TFTP server and downloads the configuration. Now it knows the VOIP Vlan it belongs and then starts sending tagged traffic. The switch will learn the VOIP mac address in VOICE VLAN as well. It doesn't delete the entry because the port is still up and waits for MAC to age out.

 

Now all the above steps happen in a matter of seconds. However, the switch now have VOIP mac address mapped to both DATA and VOIP VLAN. If the switch doesn't age out VOIP's mac address in DATA VLAN then we should debug more to understand if this is software defect or some other issues.

Highlighted
Ethernet Switching

Re: Switch is learning IP Phone MAC on both voice and default vlan

‎06-25-2019 03:21 PM

srinireddy, this is a great explanation of what is going on with the voip phones.  We have the same problem here using Avaya. Thank you for the breakdown of the vlan assignment process. 

Highlighted
Ethernet Switching

Re: Switch is learning IP Phone MAC on both voice and default vlan

‎03-13-2020 06:22 AM
  • The switch is working as expected.
  • IP phone and a PC connected in Daisy chain on a port.
  • IP phone initially sends untagged traffic.
  • PC/Laptop always sends untagged traffic and the MAC will sit on the data VLAN.
  • Since the IP phone frame is untagged, this MAC also will be learned in the DATA VLAN.
  • Once the IP phone gets the VLAN-ID through LLDP-MED or from a server, phone will start to tag the frames. And when this happens, the MAC will be learned in the Voice VLAN.
  • At this point, if the MAC-LIMIT is configured for 2, it will be triggered.
  • The IP phone MAC which was learned in the DATA VLAN will age out if the IP phone stops sending the frames untagged. Based on the feedback, this behavior differs between IP Phone vendors.
  • The MAC address will not age out if the untagged frames are seen on the interface and in this situation, MAC count on the port remains to be 3 (PC and IP Phone MAC in Data vlan and IP phone MAC in Voice VLAN)

 

 

  • Hence, we need to match the MAC-LIMIT according to the type/brand of IP phone connected on the port.
  • Before moving the device to another port, we need to use “clear ethernet-switching table” command to clear the persistent MAC address entry from the interface.
  • If you move the device and do not clear the persistent MAC address from the original port it was learned on, then the new port will not learn the MAC address of the device and the device will not be able to connect.
Regards,
Davidcz
Highlighted
Ethernet Switching

Re: Switch is learning IP Phone MAC on both voice and default vlan

‎03-13-2020 10:17 AM
Nicely explained
Highlighted
Ethernet Switching

Re: Switch is learning IP Phone MAC on both voice and default vlan

3 hours ago
Before change:
> show ethernet-switching interfaces ge-0/0/40 detail
Interface: ge-0/0/40.0, Index: 209, State: up, Port mode: Access
Ether type for the interface: 0x8100
VLAN membership:
    DATA-7033-239, 802.1Q Tag: 239, untagged, msti-id: 0, unblocked
    VOICE-7033-139, 802.1Q Tag: 139, tagged, msti-id: 0, unblocked
Number of MACs learned on IFL: 3----->Total (3)
> show ethernet-switching table interface ge-0/0/40
Ethernet-switching table: 3 unicast entries
  VLAN              MAC address       Type         Age Interfaces
  DATA-7033-239     *                 Flood          - All-members
  DATA-7033-239     34:48:ed:b2:78:81 Learn          0 ge-0/0/40.0
  DATA-7033-239     4c:bc:48:2d:c2:2a Learn          0 ge-0/0/40.0
  VOICE-7033-139    *                 Flood          - All-members
  VOICE-7033-139    4c:bc:48:2d:c2:2a Learn          0 ge-0/0/40.0

 Config below 
#set ethernet-switching-options secure-access-port interface ge-0/0/40.0 mac-limit 2
#set ethernet-switching-options secure-access-port interface ge-0/0/40.0 mac-limit action drop
Output post config addition:
> show ethernet-switching table interface ge-0/0/40
Ethernet-switching table: 2 unicast entries
  VLAN              MAC address       Type         Age Interfaces
  DATA-7033-239     *                 Flood          - All-members
  DATA-7033-239     34:48:ed:b2:78:81 Learn          0 ge-0/0/40.0
  VOICE-7033-139    *                 Flood          - All-members
  VOICE-7033-139    4c:bc:48:2d:c2:2a Learn          0 ge-0/0/40.0
 
> show ethernet-switching interfaces ge-0/0/40 detail
Interface: ge-0/0/40.0, Index: 209, State: up, Port mode: Access
Ether type for the interface: 0x8100
VLAN membership:
    DATA-7033-239, 802.1Q Tag: 239, untagged, msti-id: 0, unblocked
    VOICE-7033-139, 802.1Q Tag: 139, tagged, msti-id: 0, unblocked
Number of MACs learned on IFL: 2
 
It works!
Feedback