Would that be possible to connect a small switch of 8 ports to the PC port of an IP phone? We need to connect 4 laptops to the switch. If not, what would the issues be?
Hi, This can be done but i would not recommend doing this, it is very bad practise. Best idea would be to run some additional cabling or go down the wireless route for the laptops.
I don't know how but someone told me this can bring the network down by creating a loop in the network. Would that be possible?
You could just disconnect the phone from the data port it is using, then plug the switch into that port, then plug the phone into the switch. This would require some reconfig on your existing switch & new switch. But it only takes a couple minutes.
The switch is not POE and I don't have a power suply for the phone. Is it true that pluging a switch into the PC port of a phone will create a loop in the network?
There is no way to create a loop just like that from nothing :) Well, if you want, you can.
If the switch is managed then configure the right version of spanning tree protocol that you are using in your environment.
On the uplink switch you may want to configure port-security for the max number of MAC addresses. Also remember to remove the "spanning-tree portfast" command from the port the phone is connected to.
I don't like mini hubs/switches in the hands of users because of the risk of spanning tree loops.
It is common practice to use the 'spanning-tree portfast' interface command on access ports to allow then to skip the spanning tree protocol and come up immediately. This has risks. Connect to access ports together a see what happens. You won't like it.
1) Run extra cable to eliminate the need for these devices.
2) Configure UniDirectional Link Detection (UDLD) on all of your access switches.
3) Configure port-security on all of your access ports.
The most important of the list above would be number two. This essentially monitors for spanning tree packets coming from ports where they don't belong and kills the port before a major outage can accure. Read this link.
This is practiced much (mini switches off the phones) in our environment. I'm new to the Cisco router territory and am not familiar with the spanning tree configs. Can you in "layman's" terms reiterate why this shouldn't be done. I feel I should explain to the desktop support to stop this practice.
Lets see if I can explain this better.
1) Mini hubs/switches are usually low quality consumer grade product with high failure rates. They can become unplugged or fail completely and generate additional help desk calls. They are not manageable so they cannot be monitored.
2) It would be possible to an end user or junior IT staff person to inadvertently create a switching loop that could take part or all of a network down. It is a risk that can be managed. You just need to deploy UDLD of your switches. This disables a port if it received a frame from itself. This is not a default so you should deploy UDLD if you are going to keep the mini hubs/switches.
3) I like to use port-security to limit the number of physical devices attached to an access port. I do this primarily to prevent end users from connecting rouge wireless access points to the network and creating a large security hole.
I hope this helps.
I agree with what the others who are saying "Don't do this!"
I just had a major network interruption due to this very scenario. User came off a 3560 into a 7940, from there into a LinkSys Wireless from that into his PC. Phones started flipping out all over. Still not sure why.
I really think it is bad practice. Off of your switch, either do a phone with a PC, or another switch.
Just my personal experience says I will never recommend a switch connected to the phone.
My two cents...
UDLD feature mentioned earlier in this post has nothing to do with this scenario. UDLD takes care of cabling (most likely fiber) becoming uni-directional in its transmission usually due to physical malfunction.
Internal IP Phone switch passes all traffic from switch uplink port to PC port, including spanning tree BPDUs. If you take a phone and connect both switch uplink and PC ports back to LAN (by mistake of course :-)) then one of the ports on your LAN switches will be blocked (the one with lower port ID) as per normal spanning operation.
If you just connect a "dumb" switch to PC port on the phone and not uplink it back to your LAN, then any loops you create by running wild connecting cables on that particular switch will be limited to that switch and not your entire network. Anything "leaking" back to your LAN through IP Phones's switch port will be limited to 100/1000 megs only which is not enough to bring down your LAN....
If you "accidently" uplink that "dumb" switch back to your LAN it all depends if that switch passes through BPDUs. If yes, your LAN will recover and block ports as needed. If not, you're in trouble :-)
That was me. I had a brain fart that day I guess. I was thinking BPDU Guard and brought up UDLD.