Avaya phone and loop

Unanswered Question

I had some issues yesterday with someone plugging in an Avaya phone to the network using both network connection on the phone. The phone plugged into a stack of 3750 PoE switches and those switches connected to two 3750 Metro swtiches. The Metro switches connected to DWDW and thrue that they connected to the Data Center that has 6509s also connected to DWDM. Here is the configuration of one of the ports from the 3750PoE switch:

interface FastEthernet1/0/3
switchport trunk encapsulation dot1q
switchport trunk native vlan 232
switchport trunk allowed vlan 232,800,832
switchport mode trunk
switchport voice vlan 832
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust cos
auto qos voip trust
no mdix auto
no cdp enable
spanning-tree portfast trunk
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
ip dhcp snooping limit rate 100
!

Is there anything else that I could configure on the interfaces that would take the interfaces down if someone does the same thing again?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

I hope that is not the config for the switch port connected to the Avaya Phone.

I would configure the switchport connected to the phone as:-

spanning-tree bpdufilter enable - makes sense
spanning-tree bpduguard enable - make sense

errdisable detect cause bpduguard - detect and err-disable the port on loop detection

Interface FastEthernet1/0/3

switchport access vlan <>

switchport voice vlan <>

And that is all.

You are using:-

- mls qos trust cos - I hope you have configured the CM to supply the phone COS/DSCP values.

- auto qos voip trust - should be used for used for Cisco Phones ideally

- switchport trunk encapsulation dot1q - you should only need this on an Avaya Phone that does not support trunking, or a switch that does not have the  AUX vlan feature.

- srr-queue bandwidth shape  10  0  0  0 - you want to give the Avaya Phone 10 Mbs in the priority queue?? Why? the heavest codec is G711 and 1 call is only 170Kbs.

The problem is that we have an Avaya PBX system. You should see the DHCP option 252 for this beast. I forgot to mention that the configuration of the srr-queue was added automatically after I added the auto qos command. I would like to prevent anything that happened yesterday, so if anyone plugs two network cables into the same phone the corresponding interfaces would be disabled. That way I would get an alert and would be able to see what is going on.

These are the options I have for errdisable detect cause:

all                 
arp-inspection      
dhcp-rate-limit     
dtp-flap            
gbic-invalid        
inline-power        
l2ptguard           
link-flap           
loopback            
pagp-flap           
sfp-config-mismatch

link-flap sounds like what I could use.

BPDUGuard is used for any ports that are configure to not take part in the blck/lis/lrn/fwd stages of SpanningTree (yes and the states a version dependant, for this it does not really matter) = Portfast is being used

So any port configured with PortFast should have  BPDUGuard and will be effected.

Now hopefully your design/config does not have spanningtree trunk portfast on the distribution/core/access layer links to other switches.

Actions

This Discussion