VoIP phone causing Loop - Disable port with Duplicate MAC Address

  • Question
  • Updated 2 years ago
  • Answered

Customer has VoIP phones. Users will plug both ports into wall jacks, causing a loop. Looking for a solution.

Bill Handler

Posted 2 years ago

Roger Green

Only plug one jack in.

Balaji, Employee

Configure STP on the edge ports with BPDUSafeguard enabled. 

Roger Green

Computer goes into phone, phone goes into wall.

Paul Russo, Alum

Hello Bill

Can you please tell me what switch you are using? If it is one that runs XOS as the operating system, then you can use a feature called ELRP. It works similarly to STP but it is not as configuration detailed. It is essentially two commands.

If it is EOS based or if there is a mixture then STP is a better fit.

Let us know
Thanks
P

Bill Handler

I tried to edit the original, but it wouldn't allow it...

The customer has Enterasys B5s with 6.71-6.81 code.

More information - BPDUs are not passed through the phone. The VoIP VLAN is untagged, as is the Data VLAN.

The data port shows the same MAC address as the phone port.

Does anyone know of a way via CLI or Policy Manager to disable a port when it detects a duplicate MAC address in the filtering database on an edge port?

Normally we would use STP with edgeguard, but since the BPDUs are not passing across the phone, it doesn't help. 


Roger Green

Easy thing to do is set up a voice VLAN and let the phone tag the voice traffic.

Bill Handler

Roger,

That won't stop the loop.  The customer wants the VoIP to be on a different VLAN, but untagged to the phone.


Erik Auerswald, Embassador

Hi Bill,

you cannot generally prevent all layer 2 loops in the presence of buggy or malicious gear, like the VoIP phones filtering BPDUs. Every loop detection protocol can be filtered out.

You should consider mitigating the effect of loops by using rate limiting for broadcast, multicast, and unknown unicast traffic. The B5 (and other EOS switches) have two mechanisms for this:
  1. set port broadcast (affects broadcasts only)
  2. set cos port-resource flood-ctrl 0.0 {unicast|multicast|broadcast} rate PPS
     set cos state enable
Erik
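
The check Bill asks about (the same MAC address learned on two edge ports), run off the switch over a forwarding-database dump, as an added example that is not part of any post in this thread and not a switch feature. The "MAC VLAN port" line format, the sample entries and the uplink port list are constructed assumptions; the parser has to be adapted to the real switch output.

```python
import re
from collections import defaultdict

# Constructed sample: one "MAC VLAN PORT" entry per line, a simplified
# stand-in for a forwarding-database dump (not real switch output).
SAMPLE_FDB = """\
00-11-22-33-44-55  10  ge.1.5
00-11-22-33-44-55  20  ge.1.6
00-11-22-aa-bb-01  10  ge.1.7
00:11:22:AA:BB:02  20  ge.1.8
00-11-22-aa-bb-03  10  ge.1.48
00-11-22-aa-bb-03  20  ge.1.48
00-11-22-cc-dd-09  10  ge.1.47
00-11-22-cc-dd-09  20  ge.1.48
"""

# Assumption: inter-switch ports, where one MAC in several VLANs is normal.
UPLINKS = {"ge.1.47", "ge.1.48"}

LINE_RE = re.compile(
    r"^\s*((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})\s+(\d+)\s+(\S+)\s*$"
)


def parse_fdb(text):
    """Yield (mac, vlan, port); the MAC is normalised to bare lower-case hex."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # headers, blank lines and malformed entries are skipped
            mac = re.sub(r"[-:]", "", m.group(1)).lower()
            yield mac, int(m.group(2)), m.group(3)


def duplicate_macs(text, uplinks=UPLINKS):
    """Return {mac: sorted edge ports} for MACs learned on two or more edge ports."""
    ports = defaultdict(set)
    for mac, _vlan, port in parse_fdb(text):
        if port not in uplinks:
            ports[mac].add(port)
    return {mac: sorted(p) for mac, p in ports.items() if len(p) > 1}


if __name__ == "__main__":
    for mac, ports in duplicate_macs(SAMPLE_FDB).items():
        print(f"{mac} learned on edge ports {', '.join(ports)}: "
              "check for a phone plugged into two wall jacks")
```

A hit identifies the pair of edge ports to inspect; a device that was recently moved between jacks can produce the same result until the old entry ages out.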