NM-ESW lost access to accessvlan when voice vlan is configured.

Unanswered Question
Aug 11th, 2007


For the sake of me I can't figure this out. I have a NM-ESW 16 port in a 2811 with IOS 12.4(11)XJ4. I need to connect IP phones and PC behind them in the classic access + voice VLAN configuration.

What happens, is that as soon the voice vlan is configured on the NM-ESW interface, I loose communication to with the access vlan. See how all the mac-address related toVLAN 2 disapperas.

This happens either whit an IP phone connected to the NM-ESW and a singlePC behing the phone, or a non-cisco switch connected to the NM-ESW.

See the attached log and configuration.

I've tried anything, cdp enable/disable, changing vlan, removing the BVI that I need to wireless, no change. I would really use some help here before going to the TAC.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Sat, 08/11/2007 - 12:13


This does seem pretty strange. It looks like you have several other interfaces configured for voice VLAN without problem. So I wonder what is different about FastEthernet1/14? What is connected there that you are learning 11 MAC addresses from?

Mr first guess at the issue starts from the observation that VLAN 2 has spanning-disabled

and FastEthernet1/14 has portfast. Is it possible that something that is connected on FastEthernet1/14 creates a loop when voice vlan is configured?



Paolo Bevilacqua Sat, 08/11/2007 - 13:43

Thanks Rick,

there is no loop. There is a dell switch connected to Fa1/14, this switch supports STP but not VLANs. Nothing else is connected to the NM-ESW, because of this problem that prevents connecting the phones directly.

Interface VLAN2 shows STP disabled for bridge-group 1, but STP is enabled at NM-ESW level, see below. However, STP appears disabled at NM-ESW level for VLAN4, not sure why.

If I connect the phone to another port in the NM-ESW, the result is exactly the same: the module stops learning access vlan MACs as soon voice vlan is configured. This test, apparently places the non-cisco switch out of the equation.

Previously I was using vlan 1 instead of vlan 2 for access, and the situation was exactly the same.

haiti-oficina#show spanning-tree

VLAN2 is executing the ieee compatible Spanning Tree protocol

Bridge Identifier has priority 32768, address 001b.2ae0.0eb8

Configured hello time 2, max age 20, forward delay 15

Current root has priority 32768, address 000d.5410.c918

Root port is 55 (FastEthernet1/14), cost of root path is 19

Topology change flag not set, detected flag not set

Number of topology changes 1 last change occurred 00:35:11 ago

Times: hold 1, topology change 35, notification 2

hello 2, max age 20, forward delay 15

Timers: hello 0, topology change 0, notification 0, aging 300

Port 55 (FastEthernet1/14) of VLAN2 is forwarding

Port path cost 19, Port priority 128, Port Identifier 128.55.

Designated root has priority 32768, address 000d.5410.c918

Designated bridge has priority 32768, address 000d.5410.c918

Designated port id is 128.7, designated path cost 0

Timers: message age 1, forward delay 0, hold 0

Number of transitions to forwarding state: 1

BPDU: sent 9, received 12963

The port is in the portfast mode

Richard Burts Sat, 08/11/2007 - 17:46


Thanks for the additional information. I am thinking about your statement that the Dell switch connected to FA1/14 does not support VLANs and wondering what happens when your switch attempts to do voice VLAN on FA1/14 which presents 2 VLANs on the interface. I admit that my experience with voice VLAN is pretty thin but I am wondering if your switch is sending BPDU on VLAN 2 and on VLAN 4 and if the Dell thinks that it is detecting a loop and putting its interface into blocking mode? Is there a way to check on the Dell switch?

I also note that the root of the spanning tree is 000d.5410.c918 which I assume is the Dell switch. I wonder if any behavior would change if you configured your switch module to become the root of the spanning tree?



Paolo Bevilacqua Sun, 08/12/2007 - 02:12

Hi Rick,

You are following the same line of thinking that I had followed already :)

I came to the conclusion that Dell switch has nothing to do with the problem. When I connect an IP phone directly to the NM-ESW with a single PC connected to the the phone, the same thing happens, that is, no more MAC for access VLAN are learn by the port.

I have also tried configuring the NM-ESW as root bridge, and no change.

My theory, not proved by hard facts, is that as soon voice vlan is configured, and the port actually becomes a trunk, it expects to received tagged frames for the access vlan instead of native untagged. I have no idea why that would be the rationale for that, as it doesn't happen on any switch that I've installed so far.

I said at the beginning this seems a weird one, to make things harder, router is in a *very remote* location with a slow satellite connection!

Paolo Bevilacqua Fri, 08/17/2007 - 15:11

I think I've found the solution to this.

What happens, is that etherswitches modules are *not* like the switches. A port connected to a phone *cannot* be in access mode if you want connectivity to PC behind the phone. The switchport must be set to trunk.

After I did that, it's OK on the port connected to an external switch mentioned above.


This Discussion