Hi, We are having a hard-time trying to produce a viable upgrade path for the recent 2960 fixes we implemented.
Context: We discovered recently that recent 2960 firmware 12.2(52)SE+ don't work well when used in Port-Security with Voice over IP (VoIP) with PacketFence. Since recent switches come with a bootloader that's more recent than 12.2(52) asking people to downgrade (like we did in the past) is no longer an option. We tried our best to find a fixed IOS or a fix for our own module that didn't involve configuration changes but we couldn't. So far the fix is quite painful: - module changes - configuration changes - IOS update (if you were pre-12.2(52)) The 'PF' workaround: In a nutshell, we are treating VoIP devices like a normal device except that it belongs to the Voice VLAN. Previously we were doing dynamic port-security on these devices and relying on CDP to appropriately detect the Voice nature of the device. Config changes are: - add a maximum 1 vlan voice - set a fake VoIP MAC on vlan voice On each VoIP enabled port for each switch. If you have *any* ideas at this point they will be appreciated! We don't want to force an IOS upgrade, PacketFence update and switch configuration change to keep things running as they were but it looks like there's no way to work-around Cisco's changes this time... -- Olivier Bilodeau obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev _______________________________________________ Packetfence-devel mailing list Packetfence-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-devel
