What is the problem with this configuration?

Refer to the exhibit.

What is the problem with this configuration?

Refer to the exhibit.

What is the problem with this configuration?

A.
Spanning tree PortFast cannot be configured on a port where a voice VLAN is configured.

B.
Sticky secure MAC addresses cannot be used on a port when a voice VLAN is
configured.

C.
Spanning tree PortFast cannot be configured on a port when a sticky secure MAC
address is used.

D.
The switch port must be configured as a trunk.

Explanation:
These are the voice VLAN configuration guidelines according to Cisco:
• You should configure voice VLAN on switch access ports.
• The voice VLAN should be present and active on the switch for the IP phone to correctly
communicate on the voice VLAN.
• The Port Fast feature is automatically enabled when voice VLAN is configured. When
you disable voice VLAN, the Port Fast feature is not automatically disabled.
• When you enable port security on an interface that is also configured with a voice VLAN,
you must set the maximum allowed secure addresses on the port to at least two plus the
maximum number of secure addresses allowed on the access VLAN. When the port is
connected to a Cisco IP phone, the IP phone requires up to two MAC addresses. The

address of the IP phone is learned on the voice VLAN, and it might or might not be learned
on the access VLAN. Connecting a PC to the IP phone requires additional MAC addresses.
• If any type of port security is enabled on the access VLAN, dynamic port security is
automatically enabled on the voice VLAN.
• You cannot configure port security on a per-VLAN basis.
• You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.
Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst2940/software/release/12.1_22_ea2/c
onfiguration/guide/swvoip.html



Leave a Reply 1

Your email address will not be published. Required fields are marked *


Cisco Jedi

Cisco Jedi

To add on to explanation:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/commmand/reference/3750cr/cli3.html#pgfId-1948361

Usage Guidelines

A secure port has the following limitations:

A secure port can be an access port or a trunk port; it cannot be a dynamic access port.
A secure port cannot be a routed port.
A secure port cannot be a protected port.
A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
A secure port cannot be a private VLAN port.
A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.
You cannot configure static secure or sticky secure MAC addresses in the voice VLAN.
When you enable port security on an interface that is also configured with a voice VLAN, set the maximum allowed secure addresses on the port to two. When the port is connected to a Cisco IP phone, the IP phone requires one MAC address. The Cisco IP phone address is learned on the voice VLAN, but is not learned on the access VLAN. If you connect a single PC to the Cisco IP phone, no additional MAC addresses are required. If you connect more than one PC to the Cisco IP phone, you must configure enough secure addresses to allow one for each PC and one for the Cisco IP phone.
Voice VLAN is supported only on access ports and not on trunk ports.
When you enter a maximum secure address value for an interface, if the new value is greater than the previous value, the new value overrides the previously configured value. If the new value is less than the previous value and the number of configured secure addresses on the interface exceeds the new value, the command is rejected.
The switch does not support port security aging of sticky secure MAC addresses.