VoIP phone causing Loop - Disable port with Duplicate MAC Address
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-22-2016 05:27 PM
Customer has VoIP Phones. Users will plug both ports into wall jacks causing a loop. Looking for solution
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-23-2016 05:19 AM
Hi Bill,
you cannot generally prevent all layer 2 loops in the presence of buggy or malicious gear, like the VoIP phones filtering BPDUs. Every loop detection protocol can be filtered out.
You should consider mitigating the effect of loops by using rate limiting for broadcast, multicast, and unknown unicast traffic. The B5 (and other EOS switches) have two mechanisms for this:
you cannot generally prevent all layer 2 loops in the presence of buggy or malicious gear, like the VoIP phones filtering BPDUs. Every loop detection protocol can be filtered out.
You should consider mitigating the effect of loops by using rate limiting for broadcast, multicast, and unknown unicast traffic. The B5 (and other EOS switches) have two mechanisms for this:
- set port broadcast affects broadcasts only
- set cos port-resource flood-ctrl 0.0 {unicast|multicast|broadcast} rate PPS set cos state enable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-22-2016 05:40 PM
Roger,
That won't stop the loop. The customer wants the VoIP to be on a different VLAN, but untagged to the phone.
That won't stop the loop. The customer wants the VoIP to be on a different VLAN, but untagged to the phone.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-22-2016 05:37 PM
easy thing to do is setup voice vlan and let the phone tag the voice traffic
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-22-2016 05:36 PM
I tried to edit the original, but it wouldn't allow it...
The customer has Enterasys B5s with 6.71-6.81 code
More information - BPDUs are not passed through the phone. The VoIP VLAN is untagged as is the Data VLAN.
The data ports shows the same MAC address as the phone port.
Does anyone know of a way via CLI or Policy Manager to disable a port when it detects a duplicate MAC address in the filtering database on an edge port?
Normally we would use STP with edgeguard, but since the BPDUs are not passing across the phone, it doesn't help.
The customer has Enterasys B5s with 6.71-6.81 code
More information - BPDUs are not passed through the phone. The VoIP VLAN is untagged as is the Data VLAN.
The data ports shows the same MAC address as the phone port.
Does anyone know of a way via CLI or Policy Manager to disable a port when it detects a duplicate MAC address in the filtering database on an edge port?
Normally we would use STP with edgeguard, but since the BPDUs are not passing across the phone, it doesn't help.
