Cisco Bug: CSCus15722 - 3905 Second Port Status TLV

Last Modified

Feb 06, 2017

Products (1)

  • Cisco Unified IP Phone 6900 Series

Known Affected Releases

9.4(1)SR1

Description (partial)

Symptom:
A port-security policy violation occurs when a host that was connected via the Cisco IP Phone is then reconnected directly to another port on the same switch.
The MAC address of this host is not flushed from the table and is still mapped as learned via the previous access port (where the IP Phone is attached), so a port-security policy violation occurs.

This happens because the 3905 phone does not change the Second Port Status TLV.

For CP-3905:

Capabilities: 0x00000290
VoIP Phone
Host
CVTA Phone Port <== !!!

No Second Port Status TLV (0x001c) is sent, because bit 10 is unset

***********************

For CP-7861:

Capabilities: 0x00000490
VoIP Phone
Host
Two-port MAC Relay <== !!!

Second Port Status TLV (0x001c):

when host is attached and phone's port is UP:
00 01 82 (UP, full/duplex, 100 Mb/s)

when host is detached and phone's port is DOWN:
00 02 00 (DOWN)

Conditions:
A switch with port security enabled, and a 3905 phone with a PC connected to its internal switch.
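The check described above can be run over captured CDP advertisements. The following is an added example, not part of the Cisco bug record: it parses a CDP TLV region and flags a phone that neither sets capability bit 10 nor sends TLV 0x001c. The function names and sample packets are constructed for illustration; the capability values and status bytes are the ones quoted in the description, and only those two status values are interpreted.

```python
import struct

CAP_VOIP_PHONE = 0x080       # bit 7, "VoIP Phone"
CAP_TWO_PORT_RELAY = 0x400   # bit 10, "Two-port MAC Relay"
TLV_CAPABILITIES = 0x0004    # CDP Capabilities TLV type
TLV_SECOND_PORT = 0x001C     # Second Port Status TLV
# Only the two status values quoted in the description are interpreted.
KNOWN_STATUS = {bytes.fromhex("000182"): "UP", bytes.fromhex("000200"): "DOWN"}


def parse_tlvs(payload):
    """Split a CDP TLV region into {type: value}; length includes the 4-byte header."""
    tlvs, off = {}, 0
    while off + 4 <= len(payload):
        tlv_type, length = struct.unpack_from("!HH", payload, off)
        if length < 4 or off + length > len(payload):
            raise ValueError(f"malformed TLV at offset {off}")
        tlvs[tlv_type] = payload[off + 4:off + length]
        off += length
    if off != len(payload):
        raise ValueError("trailing bytes after last TLV")
    return tlvs


def assess(payload):
    """Return (capabilities, pc_port_status, at_risk) for one advertisement."""
    tlvs = parse_tlvs(payload)
    caps_raw = tlvs.get(TLV_CAPABILITIES, b"")
    if len(caps_raw) != 4:
        raise ValueError("missing or malformed Capabilities TLV")
    caps = struct.unpack("!I", caps_raw)[0]
    raw = tlvs.get(TLV_SECOND_PORT)
    status = None if raw is None else KNOWN_STATUS.get(raw, "unrecognised")
    is_phone = bool(caps & CAP_VOIP_PHONE)
    # The condition this bug describes: a phone without bit 10 and without TLV 0x001c.
    at_risk = is_phone and not (caps & CAP_TWO_PORT_RELAY) and raw is None
    return caps, status, at_risk


def build(tlvs):
    """Build a constructed TLV region from (type, value) pairs."""
    return b"".join(struct.pack("!HH", t, len(v) + 4) + v for t, v in tlvs)


# Constructed samples using the values from the description.
CP3905 = build([(TLV_CAPABILITIES, bytes.fromhex("00000290"))])
CP7861_UP = build([(TLV_CAPABILITIES, bytes.fromhex("00000490")),
                   (TLV_SECOND_PORT, bytes.fromhex("000182"))])
CP7861_DOWN = build([(TLV_CAPABILITIES, bytes.fromhex("00000490")),
                     (TLV_SECOND_PORT, bytes.fromhex("000200"))])
```

Ports whose phone neighbor comes back with `at_risk` set are the ones where a PC moved from the phone to another switch port can trigger the violation described above.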