[cisco-voip] cisco IP Phone causes stp loop.

Ahmed Elnagar aelnagar at ACT-EG.COM
Wed Jul 4 07:35:11 EDT 2007


Something has just come to my mind. In the old configuration of IP Telephony, the attached port was configured to be a trunk, not an access port; maybe that could help in solving this. Here is the configuration:
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport voice vlan 2
 
This puts the voice traffic in VLAN 2. If you need to create a data VLAN, just change the native VLAN on that trunk to whatever you want. The delay that you are talking about when portfast is disabled only happens one time, when powering on the devices that connect to the switch, and if it is going to work, this delay will be much better than having a loop in the network.
 
Thanks and Best Regards

Ahmed A. Elnagar
Network Engineer Specialist
 
Advanced Computer Technology (ACT)
16 Fawzy Ramah St.Off Shehab St.Mohandessin, Giza, Egypt 
Postal Code:12411 Cairo Egypt

Mob: +2010-2833868
Website: www.act-eg.com
E-mail: aelnagar at act-eg.com

________________________________

From: cisco-voip-bounces at puck.nether.net on behalf of Jefflin Choi
Sent: Wed 04-Jul-07 12:30 PM
To: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] cisco IP Phone causes stp loop.


Got this reply...
 
========
As far as i know, no solution exists for this race around condition. 

If two "port fast" enabled ports are looped, it will create a mess in the network. 
Because the switch will never send a BPDU via a port fast enabled port. Hence there is no way the switch can detect that both the ports are looped.
It is better to disable the port fast in this scenario. 
If you encounter any solution, kindly keep us all posted. 
=======
 
Problem is, if portfast is disabled, PCs'/phones' uptime will be delayed. This is also in conflict with Cisco's SRND of enabling portfast.
 
There should be some way to work this out. Any ideas?
 
Thanks,
Jeff
 
 
On 7/4/07, Jefflin Choi <jefflin.choi at gmail.com> wrote: 

	
	Hi Lee,
	 
	BPDU Guard is enabled by default, as far as I know, on the CE500.
	This came to my mind and I checked the switch, thus the reason why I asked if the IP Phone is sending BPDUs. If not, BPDU guard will be just useless.

	Anyway, checking cisco netpro forum, someone has encountered the same issue. Unfortunately no resolution.
	 
	The reply was:
	"Question1: Yes, IP phones do not send BPDUs. You can enable BPDU guard and it does not shut the port down when an IP Phone is connected."
	 
	Any ideas how to overcome this vulnerability?
	It seems that it is not only on the Cisco CE500 but on all types of Cisco switches.
	 
	Thanks,
	Jeff


	On 7/4/07, Lee Pedder <lee.pedder at gmail.com> wrote:
	

		I can't offer specific advice on the CE500 switch, but on other cisco
		switches there is a bpduguard feature that you need to enable if you 
		are using spanning-tree portfast. This will shutdown a port on receipt
		of a BPDU (such as one received from itself on another port).
		
		On 04/07/07, Jefflin Choi <jefflin.choi at gmail.com> wrote:
		> Ahmed,
		>
		> The users are using PC connected to the IP phones. Someone non-technical
		> plugged both connections to the switch instead of one cable to the PC. 
		>
		> Educating end users to plug the ip phones to the correct devices is simple 
		> but this is a security risk which can cause sabotage of the network.
		>
		> Matt,
		>
		> I do not see how "Try turning off GARP on the phone, disable web access and
		> turn off voice vlan access." can help. Can you explain why this will help
		> solve the problem?
		>
		> First, web access can be disabled. No problem with it. I can't see the
		> relation with the loop though.
		>
		> Second, voice VLAN access: you mean to say not to allow the voice VLAN on the
		> trunk?
		>
		> Thanks,
		> Jeff
		>
		>
		>
		>
		> On 7/4/07, Ahmed Elnagar <aelnagar at act-eg.com> wrote:
		> >
		> >
		> >
		> > Well, I was not trying to answer the Q. I was just sharing my dislike
		> > of this switch, as I had a lot of problems with it :), especially with VLAN
		> > trunking. I had it running with IP Phones normally with no problem.
		> > Changing the port role on the switch sometimes helps, but I don't think
		> > it will in your case. But what I got from your words is that the users are not using a
		> > PC connected to the phone (otherwise they will connect 2 cables from the
		> > switch); if that is the case, try to disable the PC port of the IP Phone.
		> >
		> >
		> >
		> > Thanks and Best Regards 
		> >
		> > Ahmed A. Elnagar
		> > Network Engineer Specialist 
		> >
		> > Advanced Computer Technology (ACT)
		> > 16 Fawzy Ramah St.Off Shehab St.Mohandessin, Giza, Egypt
		> > Postal Code:12411 Cairo Egypt 
		> >
		> > Mob : +2010-2833868
		> > Website: www.act-eg.com
		> > E-mail: aelnagar at act-eg.com
		> >
		> > ________________________________
		> > From: cisco-voip-bounces at puck.nether.net on behalf of Matt Slaga (US)
		> > Sent: Tue 03-Jul-07 3:25 PM
		> > To: Ahmed Elnagar; Jefflin Choi; cisco-voip at puck.nether.net
		> > Subject: Re: [cisco-voip] cisco IP Phone causes stp loop.
		> >
		> >
		> > Wow, that reply should help you solve that problem lickety split!
		> >
		> > Try turning off GARP on the phone, disable web access and turn off voice vlan access.
		> >
		> > From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Ahmed Elnagar
		> > Sent: Tuesday, July 03, 2007 3:25 AM 
		> > To: Jefflin Choi; cisco-voip at puck.nether.net
		> > Subject: Re: [cisco-voip] cisco IP Phone causes stp loop. 
		> >
		> >
		> >
		> > Just a note
		> >
		> > I hate the 500 Express; it is a very bad switch and it has a lot of strange
		> > configuration settings, plus no useful troubleshooting capabilities at all.
		> >
		> >
		> >
		> > ________________________________
		> >
		> > From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Jefflin Choi
		> > Sent: Tuesday, July 03, 2007 9:56 AM
		> > To: cisco-voip at puck.nether.net 
		> > Subject: [cisco-voip] cisco IP Phone causes stp loop.
		> >
		> > Hi all,
		> >
		> > Some end user plugged the PC port and switch port of an IP Phone to a
		> > Catalyst CE500 port at the same time, causing a loop on our client's switch.
		> >
		> > CE500--------7912 IP Phone
		> >   |                        |
		> >   |------------------------|
		> >
		> > We can't prevent end users making accidental mistakes like this which might
		> > cause network failure.
		> >
		> > I was wondering if Cisco IP phones are sending BPDUs so that the CE500 will
		> > errdisable the port. Doesn't it?
		> >
		> > Any way to prevent this from happening?
		> >
		> > Thanks,
		> >
		> > Jeff
		> >
		>
		>
		> _______________________________________________ 
		> cisco-voip mailing list
		> cisco-voip at puck.nether.net
		> https://puck.nether.net/mailman/listinfo/cisco-voip 
		>
		>
		_______________________________________________
		cisco-voip mailing list
		cisco-voip at puck.nether.net 
		https://puck.nether.net/mailman/listinfo/cisco-voip
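
The trunk-port setup from Ahmed's message, together with the interface-level BPDU guard Lee mentions, written out as an added example; it is not a configuration posted by anyone in the thread. It assumes a Catalyst switch with the full IOS CLI rather than the CE500, and the interface name and data VLAN 10 are made up for illustration (voice VLAN 2 is from the message).

```cisco
! Added example. Assumptions: FastEthernet0/5 and VLAN 10 are illustrative;
! VLAN 2 for voice is taken from the message in the thread.
vlan 2
 name VOICE
vlan 10
 name DATA
!
interface FastEthernet0/5
 description IP phone with a PC on its PC port
 switchport trunk encapsulation dot1q
 ! Untagged traffic from the PC lands in the native VLAN, which becomes the data VLAN
 switchport trunk native vlan 10
 ! Carry only the voice and data VLANs on this edge trunk
 switchport trunk allowed vlan 2,10
 switchport mode trunk
 switchport voice vlan 2
 ! PortFast is deliberately not configured, as the message suggests: the port
 ! goes through listening and learning (about 30 seconds with default timers)
 ! each time the link comes up, before it forwards traffic.
 ! BPDU guard: any BPDU received on this port puts it into err-disabled state.
 spanning-tree bpduguard enable
!
! Bring a port that BPDU guard shut down back automatically after 5 minutes
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
! Checks to run after applying the configuration:
!   show interfaces FastEthernet0/5 switchport
!   show spanning-tree interface FastEthernet0/5 detail
!   show interfaces status err-disabled
```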
		


