IP Source Guard Cause Cisco IP phone lost connection

Answered Question
Sep 27th, 2010
User Badges:

Hi All:

recently, i have deployed some new 2960 stackable switch to replace 3750 switches(will be used in other location),

I enabled IP dhcp snooping, DAI and IPSG feature, some as previous configuration in 3750 switches.

I found some strange behavior.

I turned on IP dhcp snooping first, and run for a few days to make sure the switch has the binding entry for every clients/ip phone, (i manually reset the phone), then i enable DAI for data vlan and voice vlan, everything works fine.

finally, i enable IPSG, the ip phone with PC attached behind works fine, but some ip phones without pc attached lost connection and screen shows registering. i check the switch IPSG info, it shows

2960PT_21FLR_ES01#show ip verify source
Interface  Filter-type  Filter-mode  IP-address       Mac-address        Vlan
---------  -----------  -----------  ---------------  -----------------  ----
Gi1/0/21   ip           active                      53 
Gi1/0/21   ip           active       deny-all                                 34
Gi1/0/40   ip           active                      53 
Gi1/0/40   ip           active       deny-all                                 34
Gi1/0/41   ip           active                      53 
Gi1/0/41   ip           active                      34 
Gi2/0/7    ip           active                      53 
Gi2/0/7    ip           active                      34

[voice vlan 34, data vlan 53]

Gi1/0/21 is connecting to a phone without PC attached, and the phone works fine.

Gi1/0/40 is also connecting to a phone without PC attached, and lost connection immediately.

once i disable the IPSG at the respective port (gi1/0/40), the phone returns to normal.

--------switch configuration-----------

ip dhcp snooping vlan 34,53
no ip dhcp snooping information option
ip dhcp snooping database flash:dhcpsnooping.dat
ip dhcp snooping database write-delay 15
ip dhcp snooping

ip arp inspection vlan 34,53

interface GigabitEthernet1/0/40
switchport access vlan 34
switchport mode access
switchport voice vlan 53
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AutoQoS-Police-CiscoPhone
ip dhcp snooping limit rate 10

any one encountered the some problem before? any suggestion?

thanks a lot

Correct Answer by APatotski about 6 years 5 months ago

I have tried the version 12.2(55)SE1. This version is working properly.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
APatotski Thu, 11/04/2010 - 08:29
User Badges:

I have the same issue with IPSG. But in my case the IP phone and PC loose connection when PC is connected trough the phone. I'm using 2960S with 12.2.55SE. When the PC or phone are connected to switch separatly every thing is working fine. I have not found the solution yet.

APatotski Fri, 12/03/2010 - 07:06
User Badges:

I have consulted with Cisco TAC. They ansvered that this issue is related to the following bugs CSCtj11377

and CSCtj59404.

The workaround is to reload the switch. I have tried this and the IPSG is working properly after reload. But the issue arise again after disabling and enabling IPSG on the interface. I have desided to not using IPSG in production before the bug will be fixed.

jason_majie Sun, 12/05/2010 - 18:00
User Badges:

Hi Apatotski:

I searched the bug id and found it was

Fixed-In                                                          Fixed-in

have you tried these version?

btw, my switch is running of 12.2(55)SE version but still got the same problem.

thanks for your answer.


APatotski Mon, 12/06/2010 - 00:09
User Badges:

I have not tried this version yet. I will try and inform you about the results.

APatotski Mon, 12/06/2010 - 00:52
User Badges:

I have found that 12.2(55)SE1 is not published yet for download. So we need to wait when this version will be published.

jafarsadiq Thu, 12/09/2010 - 01:14
User Badges:

Dear Cisco Stars,

I do have the same issue with all my 250 New IP Phones connected on stacked 3750. I am currently running 12.2 53 SE2.

When i remove IPSG, the IP Phone works fine.

Please keep us posted with any possible developments..

Thanks a lot


jason_majie Tue, 12/28/2010 - 23:40
User Badges:

hi Apatotski:

merry x'mas~~

The version 12.2(55)se1 are available for downloading, you manage to find a chance to try it out??

please let me know, thanks a lot~~



APatotski Wed, 12/29/2010 - 00:50
User Badges:

I have not tried it. I will try and keep you updated.

Correct Answer
APatotski Sun, 01/02/2011 - 10:24
User Badges:

I have tried the version 12.2(55)SE1. This version is working properly.



jason_majie Sun, 01/09/2011 - 23:10
User Badges:

just roll out this version on a small site, so far it works fine.

Some laptop/PCs were not able to work, i just did a ipconfig/release & renew, then they started to work.



This Discussion