Cisco Support Community
New Member

Cisco phone took down 2 subnets

Just wondering if anyone ever had this issue. We came in one Monday morning to the entire CCM (80 phones on 1 v-lan) running slow, with noise on the calls. I could not RDP to the call managers. By 9am all the phones kept rebooting on their own and could not make calls. Also, the data v-lan that is shared on the phones' hub port was slow and dropping connections, even on computers that were not connected to a phone. Any ping on those 2 subnets would drop every other one. Our switches include a backbone on a 6509 that is used as our router and 3 3560's in closets to connect the phones.

We went into the call manager locally and there were no issues. The only errors in the logs were lost connections from the phones to the call manager. We went into the switches and there were no errors in the logs. We rebooted everything, no change. Finally we started sniffing packets on the voice and data v-lans. We found a ton of ARP traffic being generated. The address generating the ARP traffic was 192.168.0.1. We associated that to a MAC address and tried to scan to see what port that MAC address was on. We found that the MAC address existed on 2 ports, 7 and 8, on one of the 3560's. When we went to investigate those ports we found that a maintenance team changing a carpet in an office had plugged a 7970's computer port into the switch as well as its LAN port. We unplugged the computer port from the switch and instantly everything was running fine.

I know this was something stupid that should have never happened, but from an attack standpoint, by just plugging one wire in wrong, this phone took out our entire voice v-lan and 1 data v-lan for a few hours. Has anyone ever experienced this problem? Is there something you can set in the switches that would prevent this?

Thanks
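
The manual check described in the post above (finding one MAC address learned on two access ports), as an added example that is not part of the original thread: it parses `show mac address-table` output and reports any MAC seen on more than one port. The sample output, MAC addresses, port names and the `uplinks` parameter are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the usual Catalyst "show mac address-table" layout.
# MAC addresses, VLAN ids and port names are invented for illustration.
SAMPLE_OUTPUT = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0000.5e00.5301    DYNAMIC     Gi0/1
  20    0000.5e00.5301    DYNAMIC     Gi0/1
  10    0000.5e00.5310    DYNAMIC     Fa0/3
  20    0000.5e00.5311    DYNAMIC     Fa0/3
  10    0000.5e00.5320    DYNAMIC     Fa0/7
  20    0000.5e00.5320    DYNAMIC     Fa0/8
 All    0100.0ccc.cccc    STATIC      CPU
Total Mac Addresses for this criterion: 7
"""

# vlan id, dotted-hex MAC, entry type, port
ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def parse_mac_table(text):
    """Yield (vlan, mac, port) per learned entry; headers and CPU rows are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            yield int(m.group(1)), m.group(2).lower(), m.group(4)

def macs_on_multiple_ports(text, uplinks=()):
    """Return {mac: [(port, vlan), ...]} for MACs learned on more than one port.

    Ports listed in `uplinks` (hypothetical parameter) are ignored, since
    trunk or uplink ports legitimately carry many addresses.
    """
    seen = defaultdict(set)
    for vlan, mac, port in parse_mac_table(text):
        if port not in uplinks:
            seen[mac].add((port, vlan))
    return {mac: sorted(entries) for mac, entries in seen.items()
            if len({port for port, _ in entries}) > 1}

if __name__ == "__main__":
    hits = macs_on_multiple_ports(SAMPLE_OUTPUT, uplinks=("Gi0/1",))
    for mac, entries in hits.items():
        print(mac, "->", ", ".join(f"{p} (vlan {v})" for p, v in entries))
```

A MAC that shows up on the same port in several VLANs is not reported; only a MAC learned on different ports is.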

5 REPLIES
Hall of Fame Super Gold

Re: Cisco phone took down 2 subnets

Hi Evan,

Ugly. But there are things you can do...

If the PC port on the phone is not meant to be used, disable it. Which was the data VLAN, on both ports? Also, you are running spanning tree, right?

New Member

Re: Cisco phone took down 2 subnets

We are running spanning tree to a limited extent. 3 data v-lans and 1 voice v-lan all exist on these switches. The data v-lan that was affected is the one set for the phone to use when a computer is plugged into the computer port on the phone. Even if that port was disabled, what if someone brought in a phone from the outside and did this?

New Member

Re: Cisco phone took down 2 subnets

We've had users do the same thing on our network. The best mitigation I know of is to ensure that BPDU-guard is enabled on all of your ports - phone and data.

New Member

Re: Cisco phone took down 2 subnets

VTP is set up on all ports. Is this the same? If not, how do I check to make sure BPDU-Guard is on? I do not think that split horizon was the issue; I think the biggest problem was that 2 devices were communicating on the same switch with the same MAC address.

Hall of Fame Super Gold

Re: Cisco phone took down 2 subnets

Hi,

If you want to block the port cascaded on the phone, just make the voice VLAN as 'access' (no voice VLAN) and filter by MAC if you want no other devices on that port.
