Phone ports and portfast

Unanswered Question
Aug 25th, 2009
User Badges:


I had a switchport shut down today due to an unexpected bpdu - and I have bpduguard enabled. Turns out it was a 7940 phone on that the 7940's send bpdu's or would someone have to have plugged something into the switchport on the phone for this to happen?

Should portfast be disabled on ports with phones?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Edison Ortiz Tue, 08/25/2009 - 09:38
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

No, IP Phone do not send BPDUs as they don't run any Spanning-Tree (just a note; dumb hubs do not send BPDUs either).

Having the switchport with BPDUguard prevented a loop in your network and you must keep it active on host facing switchports.

Portfast must be enabled on host facing switchports as this feature speed up the process for obtaining vital information such as DHCP IP.




rcoote5902_2 Tue, 08/25/2009 - 10:45
User Badges:

So what you're saying is something other than the phone had to have been plugged into that port?

Edison Ortiz Tue, 08/25/2009 - 10:46
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Yes, most likely was a switch.

jbrenesj Tue, 08/25/2009 - 13:01
User Badges:
  • Silver, 250 points or more

It has happened that the user sitting at the desk where the IP phone is connects one of the free cables connected to another jack to the "computer port" on the IP phone and of course the cable from the jack is connected to a switchport, this will trigger the bdpuguard violation. All of this is good because otherwise it could have caused a network loop.

Francois Tallet Tue, 08/25/2009 - 13:11
User Badges:
  • Gold, 750 points or more

Actually, I would like to chime in here.

BPDU guard is a matter of enforcing a policy, not preventing loop. It's not because that you received a BPDU that there was redundancy. And if there is redundancy detected in the content of a BPDU, STP is responsible for breaking the loop.

So don't consider that BPDUguard saved you from a loop. BPDU guard reacted to a security policy that prevents a device running STP from connecting to your access port.



rcoote5902_2 Tue, 08/25/2009 - 14:04
User Badges:

I'd agree. I've enabled BPDUguard to prevent people from bringing home switches/wireless devices and plugging them in.

When we've had users loop their phone back into the network the port just disables with a general loopback error.


This Discussion