STP LoopGuard on Access Ports

Solved
ToryDav
Building a reputation

STP LoopGuard on Access Ports

Hello,

I've stumbled across a problem where client states phones are rebooting randomly and I am seeing duplex changes and disconnects on the connection health bar for those ports. Event log doesn't reveal much to me aside from STP changes from designated to disabled on some of those ports, which I've seen before even on ports with no STP enhancements configured. 

STP doesn't show any of them in the blocking state. 

After looking at port configuration I noticed that STP LOOPGUARD is applied to almost all of their access ports, and to be clear these are for workstation/phone pair with VLAN and Voice VLAN configured. 

This is a red flag to me - - but I thought I would get your perspective and buy-in on the idea that this is likely misconfiguration and it is contributing to the issues they are having.

Why would someone put loop guard on these ports? That is for uplink ports.

1 Accepted Solution
BrandonS
Kind of a big deal

My finger would be pointing at the ASA.. Maybe a simple way to confirm that is to take one phone home or to another network to prove it works fine. Or, maybe you can find a way to bypass the ASA. Then ask the team that manages the ASA to fix it..

 

Here is everything you should need to know about Ringcentral: https://support.ringcentral.com/article/9233.html

 

Good luck. 

- Ex community all-star (⌐⊙_⊙)

View solution in original post

6 Replies 6
BrandonS
Kind of a big deal

I agree and have always learned loop guard is for inter switch links only.  It may not be related to the underlying issue, but I would turn it off for IP phone ports.  

 

What's the make/model of IP phones and what are they connecting to?  And what is the history of the problem?  Did they work fine and then stop or they never worked?

- Ex community all-star (⌐⊙_⊙)
ToryDav
Building a reputation

Hey @BrandonS Thanks taking a few minutes to talk through it all with me. 

The phones are new, they set-up Ring Central and put Polycom's in place.

Polycom VVX 250, 350, 450 and Polycom Trio 8800.

They have been having these issues since October and I'm just recently getting involved. 

Problems include:
Random reboots
One-way audio
Calls drop
Poor Quality

We are addressing QoS and Bandwidth concerns for the audio issues, but I am looking at the ports to see why they might be rebooting. 

Nothing really sticks out other than the LoopGuard config.

BrandonS
Kind of a big deal

Besides loop guard if you still have issues there must be some configuration problem or other issue in that environment.  I am both a Cisco and RingCentral reseller and have many working installations with those same phones working fine.  

 

There is nothing special to configure for RingCentral in most cases.  Exceptions would be if you have a severe security posture in place and may need explicitly allow RingCentral IP blocks as an example.

 

Firewall for this instance is an MX?  I have seen people do silly things like setup static NAT and/or port forwards for hosted voice services like this that can cause issues.  There is also/always some chance if you have IDS/IPS enabled it can cause odd issues.  Is there a single WAN connection?  Trying to load balance can be problematic for hosted voice sometimes.  What type of internet service and handoff?  

 

 

 

 

 

 

- Ex community all-star (⌐⊙_⊙)
ToryDav
Building a reputation

@BrandonS 


Meraki MX is not in play. It is an ASA 5516-X managed through FMC. 

Single WAN, 50 up and down just got upgraded to 200 Meg or will be soon -- > Spectrum

I will find out about IDS/IPS, I didn't see any static NAT.

BrandonS
Kind of a big deal

My finger would be pointing at the ASA.. Maybe a simple way to confirm that is to take one phone home or to another network to prove it works fine. Or, maybe you can find a way to bypass the ASA. Then ask the team that manages the ASA to fix it..

 

Here is everything you should need to know about Ringcentral: https://support.ringcentral.com/article/9233.html

 

Good luck. 

- Ex community all-star (⌐⊙_⊙)
GIdenJoe
Kind of a big deal
Kind of a big deal

That person that configured loop guard on endpoint ports does not understand STP.

It only makes sense to use BPDU guard on access ports to endpoints.

 

Since I haven't seen any Meraki network using OOB cloud access I have never been able to implement loop guard because dashboard configuration does not allow it.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels