09-23-2018 01:37 AM - edited 03-08-2019 04:13 PM
I config my PC's connect to network by IP phones PC jack and config voice vlan tag and PC Vlan on my switch.Then, I set dhcp snooping,ip source guard and arp inspection but after this change all nodes that connected to Iphones shut down!!I know every port can learn one ip and mac but dont have any solution for this problem,
My config :
conf t
service password-encryption
no ip http server
no ip http secure server
int rang gig 1/0/25-26
ip dhcp snooping trust
ip arp inspection trust
int range gig 1/0/1-24
sw host
sw port-secu
sw port-secu max 2
sw port-secu violation shut
sw port-secu mac-add stick
ip dhcp snooping limit rate 3
ip verify source port-security
no cdp enable
exit
ip dhcp snooping
ip dhcp snooping vlan 8,10,111,7,60
ip dhcp snooping information option
ip arp inspection vlan 8,10,111,7,60
Solved! Go to Solution.
09-23-2018 06:47 AM
Hello,
also, I think Grandstreams don't use CDP but rather LLDP. I have googled around, try the switchport config below:
interface GigabitEthernet0/1
switchport access vlan data_vlan
switchport trunk native vlan data_vlan
switchport trunk allowed vlan data_vlan,voice_vlan
switchport voice vlan voice_vlan
09-23-2018 05:08 AM
Hello,
--> ip dhcp snooping vlan 8,10,111,7,60
Is your voice VLAN included in the dhcp snooping list ?
09-23-2018 05:24 AM
09-23-2018 05:30 AM
Hello,
post the ful config of your switch, as well as the output of 'show ver' ...
09-23-2018 05:33 AM
Hi
If your phones are Cisco, the CDP must enabled, it is used for the DHCP reply
My config :
conf t
service password-encryption
no ip http server
no ip http secure server
int rang gig 1/0/25-26
ip dhcp snooping trust
ip arp inspection trust
int range gig 1/0/1-24
sw host
sw port-secu
sw port-secu max 2
sw port-secu violation shut
sw port-secu mac-add stick
ip dhcp snooping limit rate 3 <--- it could be other value, like 5 or +, I usually use 20
ip verify source port-security
cdp enable
exit
ip dhcp snooping
ip dhcp snooping vlan 8,10,111,7,60
no ip dhcp snooping information option <-- it should be disabled.
ip arp inspection vlan 8,10,111,7,60 <-- as Georg mentioned, check if your voice vlan is included.
Hope it is useful
:-)
09-23-2018 06:12 AM
my phones are grandstream and my voice vlan is included but after deply config all ports that connected to ip phone will shut down and another port that connect just to pc will operate well.
thanks to all
09-23-2018 06:28 AM - edited 09-23-2018 06:30 AM
Try chaging the value
ip dhcp snooping limit rate 10
Also verify if the ports are in errdisable by port security.
09-23-2018 06:35 AM
Hello,
how did you register the phones in Callamanger...as Third Party SIP Phones ?
09-23-2018 06:47 AM
Hello,
also, I think Grandstreams don't use CDP but rather LLDP. I have googled around, try the switchport config below:
interface GigabitEthernet0/1
switchport access vlan data_vlan
switchport trunk native vlan data_vlan
switchport trunk allowed vlan data_vlan,voice_vlan
switchport voice vlan voice_vlan
09-23-2018 07:27 AM
i icrease rate but dont work it:(
int rang gig 1/0/49-52
sw mo trunk
sw trunk allowed 8,10,111,7,60
no ip dhcp snooping trust
no ip arp inspection trust
int range gig 1/0/1-48
sw host
sw port-secu
sw port-secu max 2
sw port-secu violation shut
sw port-secu mac-add stick
ip dhcp snooping limit rate 10
ip verify source port-security
no cdp enable
exit
ip dhcp snooping
ip dhcp snooping vlan 8,10,111,7,60
ip arp inspection vlan 8,10,111,7,60
09-23-2018 10:45 AM
Hello,
post the full running configuration of your switch...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide