IP Source Guard Cause Cisco IP phone lost connection

Answered Question
Sep 27th, 2010

Hi All:

recently, i have deployed some new 2960 stackable switch to replace 3750 switches(will be used in other location),

I enabled IP dhcp snooping, DAI and IPSG feature, some as previous configuration in 3750 switches.

I found some strange behavior.

I turned on IP dhcp snooping first, and run for a few days to make sure the switch has the binding entry for every clients/ip phone, (i manually reset the phone), then i enable DAI for data vlan and voice vlan, everything works fine.

finally, i enable IPSG, the ip phone with PC attached behind works fine, but some ip phones without pc attached lost connection and screen shows registering. i check the switch IPSG info, it shows

2960PT_21FLR_ES01#show ip verify source
Interface  Filter-type  Filter-mode  IP-address       Mac-address        Vlan
---------  -----------  -----------  ---------------  -----------------  ----
Gi1/0/21   ip           active       10.167.153.112                      53 
Gi1/0/21   ip           active       deny-all                                 34
Gi1/0/40   ip           active       10.167.153.116                      53 
Gi1/0/40   ip           active       deny-all                                 34
Gi1/0/41   ip           active       10.167.153.166                      53 
Gi1/0/41   ip           active       10.167.134.103                      34 
Gi2/0/7    ip           active       10.167.153.160                      53 
Gi2/0/7    ip           active       10.167.134.164                      34

[voice vlan 34, data vlan 53]

Gi1/0/21 is connecting to a phone without PC attached, and the phone works fine.

Gi1/0/40 is also connecting to a phone without PC attached, and lost connection immediately.

once i disable the IPSG at the respective port (gi1/0/40), the phone returns to normal.

--------switch configuration-----------

ip dhcp snooping vlan 34,53
no ip dhcp snooping information option
ip dhcp snooping database flash:dhcpsnooping.dat
ip dhcp snooping database write-delay 15
ip dhcp snooping

ip arp inspection vlan 34,53

interface GigabitEthernet1/0/40
switchport access vlan 34
switchport mode access
switchport voice vlan 53
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AutoQoS-Police-CiscoPhone
ip dhcp snooping limit rate 10

any one encountered the some problem before? any suggestion?

thanks a lot

I have this problem too.
0 votes
Correct Answer by APatotski about 5 years 11 months ago

I have tried the version 12.2(55)SE1. This version is working properly.

Regards,

Aliaksandr

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
APatotski Thu, 11/04/2010 - 08:29

I have the same issue with IPSG. But in my case the IP phone and PC loose connection when PC is connected trough the phone. I'm using 2960S with 12.2.55SE. When the PC or phone are connected to switch separatly every thing is working fine. I have not found the solution yet.

APatotski Fri, 12/03/2010 - 07:06

I have consulted with Cisco TAC. They ansvered that this issue is related to the following bugs CSCtj11377

and CSCtj59404.

The workaround is to reload the switch. I have tried this and the IPSG is working properly after reload. But the issue arise again after disabling and enabling IPSG on the interface. I have desided to not using IPSG in production before the bug will be fixed.

jason_majie Sun, 12/05/2010 - 18:00

Hi Apatotski:

I searched the bug id and found it was

Fixed-In                                                          Fixed-in
12.2(55)SE1

have you tried these version?

btw, my switch is running of 12.2(55)SE version but still got the same problem.

thanks for your answer.

regards

APatotski Mon, 12/06/2010 - 00:09

I have not tried this version yet. I will try and inform you about the results.

APatotski Mon, 12/06/2010 - 00:52

I have found that 12.2(55)SE1 is not published yet for download. So we need to wait when this version will be published.

jafarsadiq Thu, 12/09/2010 - 01:14

Dear Cisco Stars,

I do have the same issue with all my 250 New IP Phones connected on stacked 3750. I am currently running 12.2 53 SE2.

When i remove IPSG, the IP Phone works fine.

Please keep us posted with any possible developments..

Thanks a lot

Jafy

jason_majie Tue, 12/28/2010 - 23:40

hi Apatotski:

merry x'mas~~

The version 12.2(55)se1 are available for downloading, you manage to find a chance to try it out??

please let me know, thanks a lot~~

regards

Jason

Correct Answer
APatotski Sun, 01/02/2011 - 10:24

I have tried the version 12.2(55)SE1. This version is working properly.

Regards,

Aliaksandr

jason_majie Sun, 01/09/2011 - 23:10

just roll out this version on a small site, so far it works fine.

Some laptop/PCs were not able to work, i just did a ipconfig/release & renew, then they started to work.

thanks

Actions

This Discussion