Looping Occured due to PC Port of IP Phone

Unanswered Question
Jul 1st, 2008

Hi,

In my network, we have 4507, 4510 & 3750 switches and also cisco IP Phones.

In all the switch ports i have given the command -

switchport voice vlan 10

and data vlan is default vlan 1 (expect trunk port)

So we do connect the ip phones to lan port at the desk and from ip phone pc port to laptops.

More than twice i have seen users without knowing they connect the cable from lan port at the desk to the pc port of the ip phone. This causes loop in the network.

Once loop occured all the switches cpu utilization goes to 100%,as a result i get high ping response

to the switches and causing entire lan down.

Moreover i have not enabled or given the command

spanning-tree portfast -- on any of the switch ports.

Once this happens i have to see which port has gone to blocked port or which port light has become amber and then trace out.

This there any other way to avoid this ??????

This there any such commands which helps me in switches not going to 100% cpu utilization??????

In total is there any solution for this.????

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (2 ratings)
Loading.
dknov Mon, 07/07/2008 - 10:55

Hi Jagadish,

Cisco IP Phones have a 3 ports switch inside them. One port for network uplink, one port for PC and one port to internal IP Phone ASIC.

This 3 ports switch does not run Spanning-Tree protocol, BUT it does pass the BPDUs across the ports, so when you "loop" by connecting both PC and network ports to your network, your switches will detect the loop and move one of the ports to blocking.

This exactly what you're describing.

If one of the ports becomes blocked (as it should), there should be no loop, so it is puzzling to me.

Are you sure that one of the ports connected to that IP Phone goes to blocking?

BTW, you SHOULD be using portfast feature, cause otherwise you force your users (and IP phones) into unnecessary 30 seconds delay when the port comes up...

David

Jagsuvce G Mon, 07/07/2008 - 20:45

Dear David thanks for your response,

Yes you got my problem correctly.

PC Port of the IP Phone which is connected to my switch port(throu network port)gets blocked as soon as Loop has occured.

Even i have seen that the switch ports will become orange and in that switch if i see

"sh spanning-tree blockedports i will see that port is blocked.

My only problem at this stage is my Switch CPU goes to 100% and ping response to my switch will be high(More than 200 or 300 ms).At this stage my lan will be slow and my in my ip phones i do find lot of voice cracks becos this high ping response.

This sunday i my self purposefully looped by connecting PC Port of the IP Phone to the switch, then switch port went to blocking stage. One strange this was my switch CPU Utilization was fine, it didnt go above. This might be becos of it was sunday.

I will enable

Spanningtree portfast

Spanningtree portfast bpduguard enable

This should be fine right.

Pls let me know is there any other configs to be done.

Thanks & Regards,

Jagadish G

dknov Tue, 07/08/2008 - 10:52

Jagadish,

If you use "Spanningtree portfast bpduguard enable" you can expect one of the ports to be error-disabled instead of blocked. This is a normal behavior for this feature. You would either need to issue "shut" and then "no shut" to bring it back UP or use error-disable timeout command.

Oviously, you will need to break the loop before recovering otherwise it will be error disabled again :-)

If the port is blocked there is no loop.... so you might hitting two options:

1. IOS bug that some traffic still leaks through a blocked port. Blocked ports should not transmit any traffic (this what breaks the loop), but they listen to BPDUs just in case they need to transition to forwarding.

2. This is a coincidence and dually plugging your phone to the network has nothing to do with it. If you can consistently tie this event to the network outage, then it's probably related and then maybe only option 1 exists.

Both options are difficult to identify. TAC will most likely not be of much help, but you can give them a try :-)

HTH.

David

Jagsuvce G Tue, 07/08/2008 - 20:36

Hi David,

I think i will go thro with the bpduguard enable which will err disable the port. This will help me.

I was not knowing that if i enable bpduguard this will err disable the port.

One more thing is any free cisco network management tool which i can use for monitoring of routers and switches cpu, memory and bandwidth utilization. Pls let me know if any.

Thanks for your kind response.

Thanks & Regards,

Jagadish G

Actions

This Discussion