Hi all,
we have a PowerConnect 5548 switch here that is only used for IP phones.
To be sure that no other device works on a port of the switch, a MAC-based ACL was created.
It is applied to port gi1/0/1, which is connected to the router with a DHCP server, and looks like this:
mac access-list extended mac-voip-devices-acl1
permit 00:08:5d:00:00:00 00:00:00:ff:ff:ff any vlan 21
permit any 00:08:5d:00:00:00 00:00:00:ff:ff:ff vlan 21
permit 00:0e:08:00:00:00 00:00:00:ff:ff:ff any vlan 21
permit any 00:0e:08:00:00:00 00:00:00:ff:ff:ff vlan 21
....
.... some more ACE
....
....
deny any any vlan 21
exit
All the phones with a MAC address of the specified ranges are working fine.
Now we got a new IP phone that does not belong to any of these MAC address ranges, so I created a new entry. Now it looks like this:
mac access-list extended mac-voip-devices-acl1
permit 00:08:5d:00:00:00 00:00:00:ff:ff:ff any vlan 21
permit any 00:08:5d:00:00:00 00:00:00:ff:ff:ff vlan 21
permit 00:0e:08:00:00:00 00:00:00:ff:ff:ff any vlan 21
permit any 00:0e:08:00:00:00 00:00:00:ff:ff:ff vlan 21
....
.... some more ACE
....
....
permit bc:c3:42:00:00:00 00:00:00:ff:ff:ff any vlan 21
permit any bc:c3:42:00:00:00 00:00:00:ff:ff:ff vlan 21
deny any any vlan 21
exit
Unfortunately this phone does not get an IP address from the DHCP server when the ACL is applied.
As soon as I remove the ACL from the port the phone gets an IP address and works. When I set a static IP address in the management interface of the phone it also works.
Could you tell me what I am doing wrong?
Best regards
Marco
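
Added example, not part of the original post and not Dell's code: a small first-match evaluator for the ACEs quoted above, useful for checking which entry a given frame (source MAC, destination MAC, VLAN) hits before the ACL is bound to a port. It assumes the second address in each ACE is a wildcard mask (1-bits are ignored); the entries elided with "...." are not modelled, and the phone, router and frame values are constructed.

```python
# Added example: first-match evaluation of the MAC ACEs quoted in the post.
# Assumption: the second address in each ACE is a wildcard mask (1-bits ignored).
MASK48 = 0xFFFFFFFFFFFF

def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)

def parse_field(tokens):
    """Consume 'any' or '<mac> <wildcard>' and return (rule, remaining tokens)."""
    if tokens[0] == "any":
        return None, tokens[1:]
    return (mac_to_int(tokens[0]), mac_to_int(tokens[1])), tokens[2:]

def parse_ace(line):
    tokens = line.split()
    action, tokens = tokens[0], tokens[1:]
    src, tokens = parse_field(tokens)
    dst, tokens = parse_field(tokens)
    vlan = int(tokens[1]) if tokens[:1] == ["vlan"] else None
    return action, src, dst, vlan

def field_matches(rule, mac):
    if rule is None:                      # "any"
        return True
    addr, wildcard = rule
    care = ~wildcard & MASK48             # bits that must be equal
    return (mac_to_int(mac) & care) == (addr & care)

def evaluate(acl, src, dst, vlan):
    """Return (action, ACE text) of the first matching ACE, else ("no-match", None)."""
    for line in acl:
        action, s, d, v = parse_ace(line)
        if field_matches(s, src) and field_matches(d, dst) and v in (None, vlan):
            return action, line
    return "no-match", None               # what the switch does here is not modelled

# ACEs visible in the post; the entries elided with "...." are not reproduced.
ACL = [
    "permit 00:08:5d:00:00:00 00:00:00:ff:ff:ff any vlan 21",
    "permit any 00:08:5d:00:00:00 00:00:00:ff:ff:ff vlan 21",
    "permit 00:0e:08:00:00:00 00:00:00:ff:ff:ff any vlan 21",
    "permit any 00:0e:08:00:00:00 00:00:00:ff:ff:ff vlan 21",
    "permit bc:c3:42:00:00:00 00:00:00:ff:ff:ff any vlan 21",
    "permit any bc:c3:42:00:00:00 00:00:00:ff:ff:ff vlan 21",
    "deny any any vlan 21",
]
PHONE, OTHER, BCAST = "bc:c3:42:12:34:56", "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff"  # constructed

if __name__ == "__main__":
    for src, dst, vlan in [(PHONE, BCAST, 21), (OTHER, PHONE, 21),
                           (OTHER, BCAST, 21), (PHONE, BCAST, 1)]:
        print(src, "->", dst, "vlan", vlan, "=>", evaluate(ACL, src, dst, vlan))
```

The four sample frames cover a listed source, a listed destination, a VLAN 21 frame where neither address is in a listed range, and a frame outside VLAN 21 that no ACE matches.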