Re: Avaya phone and loop

balla-zoltan · ‎09-29-2010

I had some issues yesterday with someone plugging in an Avaya phone to the network using both network connection on the phone. The phone plugged into a stack of 3750 PoE switches and those switches connected to two 3750 Metro swtiches. The Metro switches connected to DWDW and thrue that they connected to the Data Center that has 6509s also connected to DWDM. Here is the configuration of one of the ports from the 3750PoE switch:

interface FastEthernet1/0/3
switchport trunk encapsulation dot1q
switchport trunk native vlan 232
switchport trunk allowed vlan 232,800,832
switchport mode trunk
switchport voice vlan 832
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust cos
auto qos voip trust
no mdix auto
no cdp enable
spanning-tree portfast trunk
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
ip dhcp snooping limit rate 100
!

Is there anything else that I could configure on the interfaces that would take the interfaces down if someone does the same thing again?

andrew.prince · ‎09-29-2010

I hope that is not the config for the switch port connected to the Avaya Phone.

I would configure the switchport connected to the phone as:-

spanning-tree bpdufilter enable - makes sense
spanning-tree bpduguard enable - make sense

errdisable detect cause bpduguard - detect and err-disable the port on loop detection

Interface FastEthernet1/0/3

switchport access vlan <>

switchport voice vlan <>

And that is all.

You are using:-

- mls qos trust cos - I hope you have configured the CM to supply the phone COS/DSCP values.

- auto qos voip trust - should be used for used for Cisco Phones ideally

- switchport trunk encapsulation dot1q - you should only need this on an Avaya Phone that does not support trunking, or a switch that does not have the AUX vlan feature.

- srr-queue bandwidth shape 10 0 0 0 - you want to give the Avaya Phone 10 Mbs in the priority queue?? Why? the heavest codec is G711 and 1 call is only 170Kbs.

balla-zoltan · ‎09-29-2010

I needed the configuration the way it is because when I used the access vlan and the voice vlan the phone did not work. The mls qos trust cos and the auto qos voip trust were suggested by one of the consultants that was hired by the Telco manager before the VoIP deployment.

andrew.prince · ‎09-29-2010

Your responses indicate that the phone is not being configured with any settings. Have you set up the CM to send the 46xxsettings.txt to the phones? or have you manually configured the voice vlan & l2/l3 QoS settings you require?

balla-zoltan · ‎09-29-2010

The problem is that we have an Avaya PBX system. You should see the DHCP option 252 for this beast. I forgot to mention that the configuration of the srr-queue was added automatically after I added the auto qos command. I would like to prevent anything that happened yesterday, so if anyone plugs two network cables into the same phone the corresponding interfaces would be disabled. That way I would get an alert and would be able to see what is going on.

andrew.prince · ‎09-29-2010

Remove - spanning-tree portfast trunk

And

Add - errdisable detect cause bpduguard

balla-zoltan · ‎09-29-2010

These are the options I have for errdisable detect cause:

all
arp-inspection
dhcp-rate-limit
dtp-flap
gbic-invalid
inline-power
l2ptguard
link-flap
loopback
pagp-flap
sfp-config-mismatch

link-flap sounds like what I could use.

andrew.prince · ‎09-29-2010

check your version of IOS or as previosly stated, remove all non-essential configuration.

balla-zoltan · ‎09-29-2010

Would the errdisable command affect the uplink ports too? I have two stacks of 3750 switches connecting on the Gig uplinks.

andrew.prince · ‎09-29-2010

BPDUGuard is used for any ports that are configure to not take part in the blck/lis/lrn/fwd stages of SpanningTree (yes and the states a version dependant, for this it does not really matter) = Portfast is being used

So any port configured with PortFast should have BPDUGuard and will be effected.

Now hopefully your design/config does not have spanningtree trunk portfast on the distribution/core/access layer links to other switches.

balla-zoltan · ‎09-29-2010

The uplink ports have no spanningtree trunk portfast configured. I have a spare switch and will upgrade it to the latest IOS and do some testing with a phone and a laptop. Thank you for your help.