[f-nsp] protecting from network loops due to IP phones

[Raja Subramanian]

Hi,

We are running multiple SX1600 switches in our access layer and have
several Cisco IP phones and desktops connected to dual-mode ports.
The devices are connected in this order: SX1600 -- IP phone -- end
user desktop.

Many of our desks have 2 ethernet points, one dual mode for voice/data
and the other in a different data VLAN.  Sometimes the end user
incorrectly connects both ports on the IP phone back to the switch and
create a network loop between the voice/data and data VLANs.  STP and
VRRPe (on the core) go wild and half our network stops working until
we manually remove the loop.

Ideally we want to shutdown such ports into an error disabled state
and save a larger network outage.  BPDU Guard is not supported on
tagged ports, is there any other option we can use?

How do you guys handle this in your networks?

Thanks in advance.

- Raja