We have a Catalyst 6506-E running Native 12.2(18)SXF8. It is being deployed in a IPT environment and so we wanted to make sure that L2 security was implemented. We turned on DCHP snooping for VLANS X,Y,Z we also turned on ip arp inspection for X,Y,Z. We put the commands under the ports for rate limit for both. We also have the trusted command under the port that the DHCP server is plugged into.
When we have this configuration we are seeing random one-way audio calls between phones that ride on the same subnet and even same switch. If we take off DAI then everything works fine. The customer is running CCM 4.3(1) OS2003.1.1sr1 and the phones are 7941/61 with 8.2(2)sr1. Would like to know if anyone has seen this? If so is it a misconfig or bug?
That is the documentation that we used to verify which is no more than the 6500 docs, but thanks for the links because you never know we might have gotten the wrong ones.
In looking at your bug ID you are correct in that its not having trouble getting DHCP (IP Address). The config is very simple and not much really to configure. The only thing is that we do not have configured is the database location which that is only there just incase the switch bounces it will have a place to look at the bindings and not have to re learn them.
We will test out on a different floor where there are 3750 switch stacks to see if we run into the same issue. If not then it would be a good lab mock up for Cisco. We currently do not have the windows to test this out because it is a 24/7 place. However I will get the configs off and if you want offline give you all the parameters to simulate.
Thanks for your assistance and looking forward to your reply.
I wonder what is the final resolution for you or you have to disable the DAI to avoid this one ways traffic issue.
I have done a TCP/sniffer trace and have interesting finding. The IP phone is depend on ARP reply in order to encode voice into RTP packet and send to the other IP phone. That mean if any of the IP phone can not receive the ARP reply packet, that IP phone will not send RTP to the other phone, hence the other phone will not heard any voice (total silent). For my case, the IP phone ARPing for the other IP phone for total of 6 ARP request with the first five ARP reply being drop by the switch. That resulted the one-way voice silent for 5 sec. All the 6 ARP reply look identical, so look like Dynamic ARP Inspection is not a bug but not reliable. Same as IPS having false-negative.
The DAI is enable on C3560-48PS running 12.2(25)SEE3.
SIP traces provide key information in troubleshooting SIP Trunks, SIP
endpoints and other SIP related issues. Even though these traces are in
clear text, these texts can be gibberish unless you understand fully
what they mean. This document attempts to br...
Please find the attached HTML document, download and open it on your PC.
This provides an easy to use form where you simply answer a few
questions and it will render the proper jabber-config.xml file for you
to copy/paste. There is built in logic to verif...
CUCM Database Replication is an area in which Cisco customers and
partners have asked for more in-depth training in being able to properly
assess a replication problem and potentially resolve an issue without
involving TAC. This document discusses the bas...