I had some issues yesterday with someone plugging in an Avaya phone to the network using both network connections on the phone. The phone plugged into a stack of 3750 PoE switches and those switches connected to two 3750 Metro switches. The Metro switches connected to DWDM and through that they connected to the Data Center that has 6509s also connected to DWDM. Here is the configuration of one of the ports from the 3750PoE switch:
switchport trunk encapsulation dot1q
switchport trunk native vlan 232
switchport trunk allowed vlan 232,800,832
switchport mode trunk
switchport voice vlan 832
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust cos
auto qos voip trust
no mdix auto
no cdp enable
spanning-tree portfast trunk
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
ip dhcp snooping limit rate 100
Is there anything else that I could configure on the interfaces that would take the interfaces down if someone does the same thing again?
I hope that is not the config for the switch port connected to the Avaya Phone.
I would configure the switchport connected to the phone as:-
spanning-tree bpdufilter enable - makes sense
spanning-tree bpduguard enable - makes sense
errdisable detect cause bpduguard - detect and err-disable the port on loop detection
switchport access vlan <>
switchport voice vlan <>
And that is all.
You are using:-
- mls qos trust cos - I hope you have configured the CM to supply the phone COS/DSCP values.
- auto qos voip trust - should be used for Cisco Phones ideally
- switchport trunk encapsulation dot1q - you should only need this on an Avaya Phone that does not support trunking, or a switch that does not have the AUX vlan feature.
- srr-queue bandwidth shape 10 0 0 0 - you want to give the Avaya Phone 10 Mbs in the priority queue?? Why? The heaviest codec is G711 and 1 call is only 170Kbs.
I needed the configuration the way it is because when I used the access vlan and the voice vlan the phone did not work. The mls qos trust cos and the auto qos voip trust were suggested by one of the consultants that was hired by the Telco manager before the VoIP deployment.
Your responses indicate that the phone is not being configured with any settings. Have you set up the CM to send the 46xxsettings.txt to the phones? Or have you manually configured the voice vlan & l2/l3 QoS settings you require?
The problem is that we have an Avaya PBX system. You should see the DHCP option 252 for this beast. I forgot to mention that the configuration of the srr-queue was added automatically after I added the auto qos command. I would like to prevent anything that happened yesterday, so if anyone plugs two network cables into the same phone the corresponding interfaces would be disabled. That way I would get an alert and would be able to see what is going on.
These are the options I have for errdisable detect cause:
link-flap sounds like what I could use.
BPDUGuard is used for any ports that are configured to not take part in the blck/lis/lrn/fwd stages of SpanningTree (yes, the states are version dependent, but for this it does not really matter) = Portfast is being used
So any port configured with PortFast should have BPDUGuard and will be affected.
Now hopefully your design/config does not have spanningtree trunk portfast on the distribution/core/access layer links to other switches.
The uplink ports have no spanningtree trunk portfast configured. I have a spare switch and will upgrade it to the latest IOS and do some testing with a phone and a laptop. Thank you for your help.
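Added example, not part of the original thread: a small Python audit of the two spanning-tree points discussed above, run over constructed config text (the interface names are hypothetical). It flags PortFast ports that lack BPDU guard, and ports with interface-level BPDU filter, which stops the port sending and processing BPDUs, so BPDU guard never receives one to act on.

```python
import re

# Constructed sample: spanning-tree lines like those in the thread,
# placed under hypothetical interface names.
SAMPLE = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport voice vlan 832
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
interface GigabitEthernet1/0/2
 switchport access vlan 232
 spanning-tree portfast
interface GigabitEthernet1/0/3
 switchport access vlan 232
 spanning-tree portfast
 spanning-tree bpduguard enable
"""

PORTFAST = re.compile(r"spanning-tree portfast( edge)?( trunk)?")

def parse_interfaces(text):
    """Return {interface name: [config lines]} from IOS-style text."""
    ports, current = {}, None
    for raw in text.splitlines():
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # left the interface block
    return ports

def audit(text):
    """Return {interface: [issues]} for ports that would not err-disable on a loop."""
    findings = {}
    for name, lines in parse_interfaces(text).items():
        portfast = any(PORTFAST.fullmatch(l) for l in lines)
        guard = "spanning-tree bpduguard enable" in lines
        issues = []
        if portfast and not guard:
            issues.append("portfast without bpduguard")
        if "spanning-tree bpdufilter enable" in lines:
            issues.append("bpdufilter drops BPDUs")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit(SAMPLE).items():
        print(port, "->", "; ".join(issues))
```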