We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 644 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

460 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,


Forum Replies

  1. I configured the switch port for voice and data vlans. I was trying to use IP source guard for this port but it was failing. I can see the phone IP address in the DHCP binding table but the IP source guard was failing. I configured static binding for the IP phone and it was working.
    Any suggestion to solve this issue without using the static binding ?

  2. Hello Hind

    In order for IP source guard to function with a voice VLAN, DHCP snooping must be enabled on that voice VLAN. Take a look at the following documentation from Cisco:

    https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/ip_source_guard.html#78545

    When you say IP Source Guard was failing, what do you mean exactly? If the issue was

    ... Continue reading in our forum

  3. Hi Laz,

    When the voip phone comes up it will boot as vlan 10 (data vlan). the port is configured to authenticate via ISE server. ISE will notice the mac address is for VOIP phone and will change the vlan from vlan 10 (data vlan) to vlan 20 (voice vlan).
    VOIP phones configured to use dhcp to get the IP address. I am able to see the voip ip address in the dhcp sooping binding but the phone ip address is no longer pingable.
    I think IP source guard feature blocking the VOIP phone as its using 2 vlans for same MAC address.
    Any idea how to fix this issue ?

  4. Hello Dongsok,
    in GNS3 you can test IPSG only with checking IP address. It does not work while you wanna check the source MAC address.

    I tested this with VIRL vios_l2-adventerprisek9-m.03.2017.qcow2 image.

  5. Hello Hind

    When using ISE and voice and data VLANs on the same interface, there are some additional precautions that you should take. Specifically, these can be found at this Cisco Documentation.

    Look especially at steps 5 through 7 in the procedure described.

    To be honest, I haven’t configured voice and data VLANs along with authentication with ISE and IP source guard with an IP telephony implementation, but I’m hoping this may be helpful for you…

    Laz

3 more replies! Ask a question or join the discussion by visiting our Community Forum