Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

6961 PC Port Connectivity Issue

I ran into a PC port connectiviity issue that I haven't seen before today.  None of the devices connected to the PC port of the 6961 IP phones had mac address entries in the MAC address table of the Cisco 3560 switch.  However, the MAC addresses of all of the IP phones were in the 3560's MAC address table and IP connectivity to the phones was never affected.  Port security is defined on each switchport connected to an IP phone, but none of the switchports were in err-disable mode.  We tried resolve the issue by sending a "reset" command to the phones through call manager, but it had no effect.  After trying a few different things, we finally found a shut/no shut or power inline never / power inline auto on the switchports restored connectivity to the devices connected to the phones' PC ports.  Also, there wasn't anything in the logs and the logging level is set to debugging.

We were able to isolate the problem to the Cisco IP phone, because the affected devices were connected to the phones PC ports and were on different VLANs and on different physical switches.  Devices that were not connected through a IP phone were not affected.  Has anyone ever seen this behavior before and were you able to determine what caused the issue?  At this point, we have no solid answers.  Thanks in advance for any help.

CUCM 8.6.2

Cisco 3560 12.2(50)SE1

Cisco 6961 SCCP69xx.9-2-1-0

Sample port config:

interface FastEthernet0/8
description Register
switchport access vlan 919
switchport mode access
switchport nonegotiate
switchport voice vlan 911
switchport port-security maximum 2
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky yyyy.yyyy.yyyy vlan voice
switchport port-security mac-address sticky xxxx.xxxx.xxxx spanning-tree portfast
spanning-tree bpduguard enable
end

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: 6961 PC Port Connectivity Issue

I had a customer running into similar issues and switch IOS upgrade resolved the issue. There was an IOS bug for it, I don't have the specifics however so you could try looking for it under bug toolkit.

Sent from Cisco Technical Support iPhone App

3 REPLIES
Hall of Fame Super Silver

Re: 6961 PC Port Connectivity Issue

I had a customer running into similar issues and switch IOS upgrade resolved the issue. There was an IOS bug for it, I don't have the specifics however so you could try looking for it under bug toolkit.

Sent from Cisco Technical Support iPhone App

New Member

Re: 6961 PC Port Connectivity Issue

This seems like the most promising bug for the version of code running on the switch.  However, do you
think it is likely to be a bug when it happened on two different switches at the same time?


port-security in 12.2(50)SE is not working properly with IP phone. 
Condition:

1) Mac address behind the phone will not be secured when the PC removes even before the cam aging expired.

When port-security is enabled, if the PC connected to the back of the phone removed, the CAM entry of the PC will removed from the CAM table immediately before the CAM aging time expired. The CAM entry of the PC will populate again in the CAM table when the PC reconnects to the back of the phone.


The problem only happens with the following combination:

3560 with c3560-ipbase-mz.122-50.SE1
7941/61 with SCCP41.8-4-3S

Workaround:
-Downgrade to release earlier than 12.2(50)SE such as 12.2(46)SE

Further investigation:

It is triggered by a new feature enabled in 12.2(50)SE. The new feature is called host presence.
Cisco IP phones with old firmware have no ability to notify the switch of link state changes on the IP phone's access port. When a device attached to the access port is disconnected or disabled administratively, the switch is unaware of the change. Cisco IP phones with new firmware (8-4-x) can send a CDP message containing a host presence type length value (TLV) indicating the changed state of the access port link. To recognize the host presence TLV, the switch must be running Cisco IOS Release 12.2(50)SE or later release.

New Member

6961 PC Port Connectivity Issue

For the record, it was a port security bug on the switch that caused the device behind the phone to lose network connectivity after it was rebooted.  The workaround is to either remove port security on the ports or to upgrade the code.

756
Views
0
Helpful
3
Replies
CreatePlease login to create content