[cisco-voip] cisco IP Phone causes stp loop.

Jefflin Choi jefflin.choi at gmail.com
Wed Jul 4 05:30:02 EDT 2007


Got this reply...

========
As far as I know, no solution exists for this race around condition.

If two "port fast" enabled ports are looped, it will create a mess in the
network.
Because the switch will never send a BPDU via a port fast enabled port.
Hence there is no way the switch can detect that both the ports are
looped.
It is better to disable the port fast in this scenario.
If you encounter any solution, kindly keep us all posted.
=======

*Problem is*, if portfast is disabled, PCs'/phones' uptime will be delayed.
This is also in conflict with Cisco's SRND of enabling portfast.

There should be some way to work this out. Any ideas?

Thanks,
Jeff


On 7/4/07, Jefflin Choi <jefflin.choi at gmail.com> wrote:
>
> Hi Lee,
>
> BPDU Guard is enabled by default as far as I know on CE500.
> This has come into my mind and checked the switch thus the reason why I
> ask if the IP Phone is sending BPDU. If not, BPDU guard will be just
> useless.
>
> Anyway, checking Cisco netpro forum, someone has encountered the same
> issue. Unfortunately no resolution.
>
> The reply was:
> "Question1: Yes, IP phones do not send BPDUs. You can enable BPDU guard and
> it does not shut the port down when an IP Phone is connected."
>
> Any ideas how to overcome this vulnerability?
> It seems that it is not only on Cisco CE500 but on all types of
> Cisco switches.
>
> Thanks,
> Jeff
>
>
> On 7/4/07, Lee Pedder <lee.pedder at gmail.com> wrote:
> >
> > I can't offer specific advice on the CE500 switch, but on other Cisco
> > switches there is a bpduguard feature that you need to enable if you
> > are using spanning-tree portfast. This will shut down a port on receipt
> > of a BPDU (such as one received from itself on another port).
> >
> > On 04/07/07, Jefflin Choi <jefflin.choi at gmail.com> wrote:
> > > Ahmed,
> > >
> > > The users are using PC connected to the IP phones. Someone non-technical
> > > plugged both connections to the switch instead of one cable to the PC.
> > >
> > > Educating end users to plug the IP phones to the correct devices is simple
> > > but this is a security risk which can cause sabotage of the network.
> > >
> > > Matt,
> > >
> > > I do not see how "Try turning off GARP on the phone, disable web access and
> > > turn off voice vlan access." can help. Can you explain why this will help
> > > solve the problem?
> > >
> > > First, web access can be disabled. No problem with it. I can't see the
> > > relation with the loop though.
> > >
> > > Second, voice vlan access, you mean to say not to allow the voice vlan on the
> > > trunk?
> > >
> > > Thanks,
> > > Jeff
> > >
> > > On 7/4/07, Ahmed Elnagar <aelnagar at act-eg.com> wrote:
> > > >
> > > > Well, I was not trying to answer the Q. I was just sharing my dislike
> > > > of this switch as I had a lot of problems with it :), especially with vlans
> > > > trunking. I had it running with IP Phones normally with no problem.
> > > > Changing the port role on the switch sometimes helps, but I don't think
> > > > in ur case. But what I got from ur words seems that the users are not using a
> > > > PC connected to the phone (otherwise they will connect 2 cables from the
> > > > switch). If that is the case, try to disable the PC port of the IP Phone.
> > > >
> > > > Thanks and Best Regards
> > > >
> > > > Ahmed A. Elnagar
> > > > Network Engineer Specialist
> > > >
> > > > Advanced Computer Technology (ACT)
> > > > 16 Fawzy Ramah St.Off Shehab St.Mohandessin, Giza, Egypt
> > > > Postal Code:12411 Cairo Egypt
> > > >
> > > > Mob : +2010-2833868
> > > > Website: www.act-eg.com
> > > > E-mail: aelnagar at act-eg.com
> > > >
> > > > ________________________________
> > > > From: cisco-voip-bounces at puck.nether.net on behalf of Matt Slaga (US)
> > > > Sent: Tue 03-Jul-07 3:25 PM
> > > > To: Ahmed Elnagar; Jefflin Choi; cisco-voip at puck.nether.net
> > > > Subject: Re: [cisco-voip] cisco IP Phone causes stp loop.
> > > >
> > > > Wow, that reply should help you solve that problem lickety split!
> > > >
> > > > Try turning off GARP on the phone, disable web access and turn off voice
> > > > vlan access.
> > > >
> > > > From: cisco-voip-bounces at puck.nether.net
> > > > [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Ahmed Elnagar
> > > > Sent: Tuesday, July 03, 2007 3:25 AM
> > > > To: Jefflin Choi; cisco-voip at puck.nether.net
> > > > Subject: Re: [cisco-voip] cisco IP Phone causes stp loop.
> > > >
> > > > Just a note
> > > >
> > > > I Hate 500 Express it is a very bad switch and it has a lot of strange
> > > > configuration setting plus no useful troubleshooting capabilities at all.
> > > >
> > > > ________________________________
> > > > From: cisco-voip-bounces at puck.nether.net
> > > > [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Jefflin Choi
> > > > Sent: Tuesday, July 03, 2007 9:56 AM
> > > > To: cisco-voip at puck.nether.net
> > > > Subject: [cisco-voip] cisco IP Phone causes stp loop.
> > > >
> > > > Hi all,
> > > >
> > > > Some end user plugged the pc port and switch port of an IP Phone to a
> > > > Catalyst CE500 port at the same time causing our client's switch on a loop.
> > > >
> > > > CE500--------7912 IP Phone
> > > >   |                        |
> > > >   |------------------------|
> > > >
> > > > We can't prevent end user making accidental mistakes like this which might
> > > > cause network failure.
> > > >
> > > > I was wondering if Cisco IP phones are sending BPDU so that the CE500 will
> > > > errdisable the port. Doesn't it?
> > > >
> > > > Any way to prevent this from happening?
> > > >
> > > > Thanks,
> > > > Jeff
> > > >
>
>
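
The question running through this thread is whether BPDU guard can see the loop at all, which depends on two things the posters discuss: whether the switch transmits BPDUs on a PortFast port, and whether the phone's internal bridge passes them from one jack to the other. The toy model below is an added example, not code from any poster or from Cisco; the port numbers, function names and the one-hello-interval simplification are assumptions.

```python
from dataclasses import dataclass, field

# Constructed topology: both jacks of one phone are cabled to switch ports 1 and 2,
# and an ordinary PC sits on port 3. BPDU guard is on for every PortFast port.
PHONE_PORTS = (1, 2)
PC_PORT = 3

@dataclass
class Switch:
    sends_bpdu: bool                      # does a PortFast port transmit BPDUs?
    errdisabled: set = field(default_factory=set)

    def up(self, port):
        return port not in self.errdisabled

def peer(port):
    """The phone bridges its two jacks: what leaves one switch port re-enters the other."""
    a, b = PHONE_PORTS
    return b if port == a else a

def bpdu_round(sw, phone_forwards_bpdu):
    """One hello interval. BPDU guard err-disables any port on which a BPDU arrives."""
    if sw.sends_bpdu and phone_forwards_bpdu:
        sw.errdisabled.update(peer(p) for p in PHONE_PORTS)

def broadcast_loops(sw, max_hops=50):
    """Flood one broadcast from the PC; True if copies still circulate after max_hops."""
    in_flight = [PC_PORT]                 # ingress port of each frame copy
    for _ in range(max_hops):
        in_flight = [peer(egress)
                     for ingress in in_flight
                     for egress in PHONE_PORTS
                     if egress != ingress and sw.up(egress) and sw.up(peer(egress))]
        if not in_flight:
            return False
    return True

def scenario(sends_bpdu, phone_forwards_bpdu):
    """Return (err-disabled ports, whether a broadcast keeps looping) for one combination."""
    sw = Switch(sends_bpdu)
    bpdu_round(sw, phone_forwards_bpdu)
    return sorted(sw.errdisabled), broadcast_loops(sw)

if __name__ == "__main__":
    for sends in (True, False):
        for fwd in (True, False):
            ports, loop = scenario(sends, fwd)
            print(f"switch sends BPDU={sends}, phone forwards BPDU={fwd}: "
                  f"errdisabled={ports}, loop={loop}")
```

In this model BPDU guard breaks the loop only when BPDUs both leave the PortFast port and pass through the phone; the window before the first hello is not modelled.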