SF300-24P VLAN problem

BRYAN HUNT
Level 1

Hello,

I have a new client site with Polycom IP331 phones and an SF300-24P switch. 

We are manually setting the VLAN tag on the phones, but it appears to be being overridden by some setting on the switch. 

I have tried disabling every discovery service that I can find on the switch to stop this from occurring, but without success.

Can anyone assist me by detailing all of the services on the switch that may be hijacking my VLAN id, and describing how to disable them?

Thanks.

Bryan Hunt

1 Accepted Solution

Bryan, can you change the port connected to the unmanaged switch to be a VLAN 1 member only?

-Tom

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

11 Replies

Tom Watts
VIP Alumni

Hello Bryan,

The auto smart port configuration will dynamically change the port setting based off the LLDP/CDP advertisements. You may globally disable the auto smart port and disable them per interface instance as well.

To disable in the GUI:

Smartport -> Properties -> Uncheck everything there

Smartport -> Interfaces -> Edit each port to disabled mode

-Tom

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Tom,

Thanks for the reply.

I have located and disabled the LLDP, CDP and Smartport services.

That seems to have helped, but one more odd thing...

When the phones boot up and send out their DHCP Discovery packets, they are getting responses from two different DHCP servers on two different subnets.  How is this possible?  All of the ports are set for 1U and 10T, and the phones are set for VLAN 10. 

Could this switch possibly have UDP Broadcast Forwarding turned on?  I searched for a setting to enable/disable that (if this switch can even do that), but didn't see anything.  DHCP Relay is definitely disabled.

Thanks.

Bryan Hunt

Hi Bryan,

There is not a UDP broadcast feature on this switch. You mentioned there are separate DHCP servers to service the VLAN traffic. Are the ports connecting to the respective DHCP servers set as exclusive members of their correct VLANs? Data network DHCP is 1u and the Voice network DHCP is 10u? Are you intermittently receiving a VLAN 1 IP on your telephone while at other times receiving VLAN 10 DHCP?

This is how I envision your statement;

-Tom

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Tom,

No, slightly different.

VLAN 1 = Data, 10.1.1.0/24.  VLAN 10 = Voice, 10.1.10.0/24

All ports on the switch are set as trunk, with the exception of port 23, which is access.  Port 23 is the PBX.

All ports are PVID 1, with the exception of port 23, which is PVID 10.

All ports are 1UP/10T, with the exception of port 23, which is 10UP.

Port 24 is a router with address of 10.1.1.1 (VLAN 1), 10.1.10.1 (VLAN 10).

There is a Windows Server 2003 on the data vlan giving out DHCP for the data side.

The router gives out DHCP on vlan 10.

The Polycom phones are all manually set for VLAN ID 10.

I usually run this exact environment with Dell 35xx switches and it works perfectly.  The phones broadcast DHCP Discover packets on VLAN 10, and the router delivers them the appropriate DHCP information.

When I set this up on the Cisco switch, I was surprised to see that the phones were getting DHCP information from the W2k3 server on the data LAN.  At the time, I didn't realize that the Cisco switch had the Smartport and Auto Voice VLAN settings enabled.  After your first post, I disabled everything that I could find that I thought could be affecting this traffic.  But I find that the phones are still getting data VLAN DHCP.

So, I thought that I would do some packet captures.  I set up a mirror port on 13, and monitored a phone on 14.  The phones broadcast their DHCP Discovers without a VLAN tag on their packets, which I found very odd.  Then, they got DHCP Offers from BOTH DHCP servers, which are on separate VLANs, which I found REALLY odd.  None of the packets were marked with VLAN tags at all.  The phones accept the data LAN DHCP, and don't configure properly.

That's where it is right now.  If I turn off the data lan dhcp, everything works fine.  With it on, the phones get bad config data.

After pondering *how* these phone packets could possibly be coming in untagged, I began to wonder if the "mirror" process might be removing the tags for some reason.  So, I plan to take an old hub that I use for sniffing over to the site and capture the phone packets before they hit the Cisco.  That should be an informative session...

And, I have a Dell switch on order overnight to see if that will resolve the issue.

I like these Cisco switches, so I would like to resolve this.  But I have used this *exact* configuration many times without ever having an issue before.  The only change in the equation is the SF300.

Any additional ideas, Tom?

Thanks.

Bryan Hunt

Tom,

More info...

First off, did you ever have one of those "aha" moments, which were really an "ahh sh$$$t" moment?

After about 4 more pcaps that were befuddling me even further than before, I finally realized that the VLAN tags weren't really missing, they just weren't being seen by Wireshark.  Not WS's fault though.  I have a new Dell laptop that I am doing the captures with, and the Intel adapter was set to strip the VLAN tags off of packets before sending them up the stack.   ARRGHH.  Anyway, a registry change and a reboot later and... voila... we've got tags!

So, my issue is down to this:

Phone with VLAN 10 tag sends out a DHCP Discover and that packet is seen and responded to by DHCP servers on VLAN 1 and VLAN 10.  How can this be?

I will post the CLI config in another post.

If anything jumps out at you on this before that, please let me know.

And, thanks again very much for your help.

Bryan Hunt
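Added example (not part of the thread and not any poster's code): a stdlib-only Python check that reads the 802.1Q tag from raw Ethernet frames and lists DHCP transactions answered by more than one server. The frames are constructed with a hypothetical `build_frame` helper; the server address 10.1.1.5 and the untagged second offer are assumptions for illustration.

```python
import struct

DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def parse_dhcp_frame(frame):
    """Return (vlan or None, DHCP type, xid, source IP), or None if not DHCP."""
    ethertype = int.from_bytes(frame[12:14], "big")
    vlan, off = None, 14
    if ethertype == 0x8100:                        # 802.1Q tag present
        vlan = int.from_bytes(frame[14:16], "big") & 0x0FFF   # low 12 bits = VLAN ID
        ethertype, off = int.from_bytes(frame[16:18], "big"), 18
    if ethertype != 0x0800 or len(frame) < off + 20 or frame[off + 9] != 17:
        return None                                # not IPv4/UDP
    src_ip = ".".join(str(b) for b in frame[off + 12:off + 16])
    bootp = off + (frame[off] & 0x0F) * 4 + 8      # skip IP and UDP headers
    if (len(frame) < bootp + 240 or frame[bootp + 236:bootp + 240] != b"\x63\x82\x53\x63"
            or set(struct.unpack("!HH", frame[bootp - 8:bootp - 4])) != {67, 68}):
        return None                                # too short, no cookie, or wrong ports
    xid = struct.unpack("!I", frame[bootp + 4:bootp + 8])[0]
    opts, i, mtype = frame[bootp + 240:], 0, None
    while i + 1 < len(opts) and opts[i] != 255:    # walk options until End (255)
        if opts[i] == 53 and i + 2 < len(opts):    # option 53: DHCP Message Type
            mtype = opts[i + 2]
        i += 1 if opts[i] == 0 else 2 + opts[i + 1]  # Pad (0) has no length byte
    return vlan, DHCP_TYPES.get(mtype, str(mtype)), xid, src_ip

def conflicting_offers(frames):
    """Map xid -> [(vlan, server IP)] for transactions answered by 2+ servers."""
    offers = {}
    for parsed in filter(None, map(parse_dhcp_frame, frames)):
        if parsed[1] == "OFFER":
            offers.setdefault(parsed[2], set()).add((parsed[0], parsed[3]))
    return {x: sorted(s, key=str) for x, s in offers.items() if len(s) > 1}

def build_frame(vlan, mtype, xid, src_ip):
    """Constructed test frame (not a capture): Ethernet[/802.1Q]/IPv4/UDP/DHCP."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    eth = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + tag + b"\x08\x00"
    dhcp = struct.pack("!BBBBI", 2 if mtype == 2 else 1, 1, 6, 0, xid) + bytes(228)
    dhcp += b"\x63\x82\x53\x63" + bytes([53, 1, mtype, 255])
    ports = (67, 68) if mtype == 2 else (68, 67)
    udp = struct.pack("!HHHH", *ports, 8 + len(dhcp), 0) + dhcp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))), b"\xff" * 4)
    return eth + ip + udp

# Constructed frames, not a capture; 10.1.1.5 and the untagged offer are assumptions.
SAMPLE = [build_frame(10, 1, 0x1234, "0.0.0.0"), build_frame(10, 2, 0x1234, "10.1.10.1"),
          build_frame(None, 2, 0x1234, "10.1.1.5")]
```

If every frame parses with `vlan` set to `None`, including traffic from a device known to tag, the capture adapter is probably stripping tags before the sniffer sees them, which is the situation described in the post above.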

Bryan, here is a new diagram. Is this accurate?

One thing to note: I labeled the link on the server 1u, 10t because you said all ports are 1u, 10t with the exception of the PBX. Can you verify DHCP is not serviced for VLAN 1 by the router and the Windows 2003 server is 1 untagged only?

All ports are 1UP/10T, with the exception of port 23, which is 10UP.

There is a Windows Server 2003 on the data vlan giving out DHCP for the data side.

-Tom

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Tom,

The drawing is pretty close.

The 2003 server is actually on another switch that is connected to the SF300 on one of the 1UP/10T ports.  The second switch is unmanaged, so no VLANs there.

The router does not have a DHCP server for VLAN1, only for VLAN10.

Thanks.

Bryan

Bryan, can you change the port connected to the unmanaged switch to be a VLAN 1 member only?

-Tom

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Tom,

I set that port to 1U-Access and I *think* that may have done the trick.  I will do more testing tomorrow morning.

Any thoughts on why those packets would be sent to both VLANs?

Thanks.

Bryan

Bryan, is this working out for you?

I think what happens is the data DHCP server has the 1u,10t on the packet; when it egresses the phone switchport and ingresses the phone port, the phone may not properly handle the layer 2 tags and confuse what needs to go where. It also may have something to do with the router providing the same layer 2 VLAN tags with the different DHCP information and the phone picking up whatever came first. I think it has some sort of "2 DHCP servers on the same LAN" effect, and the phone didn't handle the replies correctly tagging the voice.

-Tom

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Tom,

I don't think that is it.  The data server is an old 2003 Dell server, no VLAN tags available on its NIC settings.

And, it is on the unmanaged switch that is connected to port 17 on the SF300.  So (I think) it would be impossible for the packets to be tagged in any way.  The only thing that I can think of is that the SF300 received broadcast packets on port 17 and sent them out on BOTH VLANs.  When I changed port 17 to Access/1U, that stopped the behavior.

The switch is on firmware version 1.1.2.0.  I know that there is a newer version available, that may correct the issue.

Your previous answer did correct the issue though, so I will mark it as the correct answer.

Wish I knew the root cause though...

Thanks.

Bryan Hunt
