
Trying to decipher the config from our MSP (SG350 configured via cli)

DigitalManiak3k
Level 1

First of all, while I did study for the CCENT, it's been years and I've been focused on other things, so there are some things I know but some things I didn't quite retain, so please bear with me if some of this sounds stupid. I'm trying to get back to Cisco CLI and this isn't quite IOS CLI.

 

We had an MSP install some Cisco SG switches earlier this year with our phone system. We have a collapsed core network (core + distribution on a single switch) and while the SG switches are working fine, we decided to upgrade from some old HP switches to more SG switches. I wanted to duplicate the configuration of the SG switches our phone MSP installed, and in testing I had all three working great. When it was time to move them into production I apparently forgot to do one last 'copy running-config startup-config' and I didn't have a TFTP server set up to save either. I apparently can't find the command I used to finish setting up all three switches, and SW2 doesn't work right with our phones.

When trying to troubleshoot this with a CCNA consultant, he literally wouldn't help me because he kept questioning the config the other MSP used on the other switches and apparently he couldn't get past it. Which is now what I'm trying to do. This config seems confusing.

 

Here's part of the dump from the config on the new MDF switch stack, which is three SG350s:

!
interface GigabitEthernet1/0/5
storm-control broadcast level 10
storm-control multicast level 10
port security max 10
port security mode max-addresses
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode trunk
switchport trunk allowed vlan remove 2-14,16-4094
macro description "ip_phone_desktop "
!next command is internal.
macro auto smartport dynamic_type ip_phone_desktop
!

!
interface GigabitEthernet2/0/9
storm-control broadcast level 10
storm-control multicast level 10
port security max 10
port security mode max-addresses
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode trunk
switchport trunk allowed vlan remove 2-14,16-4094
macro description ip_phone_desktop
!

!
interface GigabitEthernet3/0/39
storm-control broadcast level 10
storm-control multicast level 10
port security max 10
port security mode max-addresses
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode trunk
switchport trunk allowed vlan remove 2-14,16-4094
macro description ip_phone_desktop
!next command is internal.
macro auto smartport dynamic_type ip_phone_desktop
!

And this is from one of our other SG350 switches, the config I was trying to mirror:

!
interface GigabitEthernet7
storm-control broadcast level 10
storm-control multicast level 10
port security max 10
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode trunk
switchport trunk allowed vlan remove 2-14,16-4094
macro description ip_phone_desktop
!next command is internal.
macro auto smartport dynamic_type ip_phone_desktop
!

 

Now to my questions...

  • It seems BPDU Guard is causing us to have random ports locking. Wouldn't each VoIP phone act as a bridge?
  • What command will populate the last line, the 'macro auto smartport dynamic_type ip_phone_desktop'?

Normally I document my commands in case I have to go back to do it again; this is all I could find.

  • (Add these to Interface range)
  • [con in range 1/0/1-24]
  • storm-control broadcast level 10
  • storm-control multicast level 10
  • port security max 10
  • spanning-tree portfast
  • spanning-tree bpduguard enable
  • switchport mode trunk
  • switchport trunk allowed vlan remove 2-14,16-4094
  • macro description ip_phone_desktop

1 Reply

Hello
With bpduguard initiating, this indicates you are attaching devices that are advertising BPDU packets on an edge port, which usually suggests a switch is attached.

If these ports are connecting to a VoIP phone with a data client PC attaching to the phone, then you really don't need the ports to be trunked. What you would possibly need is a data/voice VLAN applied to the access port and a discovery protocol (CDP/LLDP) for the phones.

 

example:
int x/x/
description voice-data access port
switchport mode access
switchport access vlan xx <-- data vlan
switchport voice vlan xx <-- voice vlan
storm-control broadcast level 10 <-- optional
storm-control multicast level 10 <-- optional
lldp transmit
lldp receive

or
cdp enable


Now the config you have posted shows the following:
interface GigabitEthernet1/0/5
storm-control broadcast level 10 <--- storm control applied
storm-control multicast level 10 <--- storm control applied
port security max 10 <--- port security applied, maximum MAC addresses allowed on port
port security mode max-addresses <--- port security max address applied for maximum MAC addresses to be allowed on port
spanning-tree portfast <--- STP portfast, should only be applied on edge ports, not trunks
spanning-tree bpduguard enable <--- STP bpduguard, should only be applied on edge ports, not trunks
switchport mode trunk <--- port is currently in an administrative mode of trunk, but should be access mode
switchport trunk allowed vlan remove 2-14,16-4094 <--- VTP manual pruning applied for the trunk
macro description "ip_phone_desktop " <--- port macro applied to append probably for all of the above config
!next command is internal.
macro auto smartport dynamic_type ip_phone_desktop <--- port macro applied to append probably for all of the above config


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
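
The two checks this thread turns on, as an added example that is not code from either poster: finding ports where the condition the reply flags holds (portfast or bpduguard on a port in trunk mode), and diffing a copied interface stanza against the one it was meant to mirror. The function names and the abridged sample dump are constructed for illustration.

```python
# Constructed sample, abridged from the thread's dumps; Gi7 is the switch being mirrored.
SAMPLE = """\
!
interface GigabitEthernet2/0/9
port security max 10
port security mode max-addresses
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode trunk
switchport trunk allowed vlan remove 2-14,16-4094
macro description ip_phone_desktop
!
interface GigabitEthernet7
port security max 10
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode trunk
switchport trunk allowed vlan remove 2-14,16-4094
macro description ip_phone_desktop
!next command is internal.
macro auto smartport dynamic_type ip_phone_desktop
!
"""

def parse_interfaces(text):
    """Map interface name -> list of commands; '!' comment lines are skipped."""
    stanzas, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line == "!":
            current = None  # a bare "!" closes the stanza
        elif line and not line.startswith("!") and current is not None:
            current.append(line)
    return stanzas

def edge_features_on_trunk(cmds):
    """The condition the reply flags: portfast/bpduguard on a port in trunk mode."""
    edge = {"spanning-tree portfast", "spanning-tree bpduguard enable"}
    return sorted(edge & set(cmds)) if "switchport mode trunk" in cmds else []

def drift(reference, candidate):
    """Commands present on only one side, to spot what a copied config is missing."""
    return {"missing": sorted(set(reference) - set(candidate)),
            "extra": sorted(set(candidate) - set(reference))}

if __name__ == "__main__":
    ifs = parse_interfaces(SAMPLE)
    print(drift(ifs["GigabitEthernet7"], ifs["GigabitEthernet2/0/9"]))
```

Run against a full saved dump, `drift` gives the line-level differences between a known-good port and a rebuilt one, which is the comparison the original poster was doing by eye.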