cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

STP LoopGuard on Access Ports

SOLVED
ToryDav
Getting noticed

STP LoopGuard on Access Ports

Hello,

I've stumbled across a problem where client states phones are rebooting randomly and I am seeing duplex changes and disconnects on the connection health bar for those ports. Event log doesn't reveal much to me aside from STP changes from designated to disabled on some of those ports, which I've seen before even on ports with no STP enhancements configured. 

STP doesn't show any of them in the blocking state. 

After looking at port configuration I noticed that STP LOOPGUARD is applied to almost all of their access ports, and to be clear these are for workstation/phone pair with VLAN and Voice VLAN configured. 

This is a red flag to me - - but I thought I would get your perspective and buy-in on the idea that this is likely misconfiguration and it is contributing to the issues they are having.

Why would someone put loop guard on these ports? That is for uplink ports.

1 ACCEPTED SOLUTION

Accepted Solutions
BrandonS
Head in the Cloud

Re: STP LoopGuard on Access Ports

My finger would be pointing at the ASA.. Maybe a simple way to confirm that is to take one phone home or to another network to prove it works fine. Or, maybe you can find a way to bypass the ASA. Then ask the team that manages the ASA to fix it..

 

Here is everything you should need to know about Ringcentral: https://support.ringcentral.com/article/9233.html

 

Good luck. 

View solution in original post

6 REPLIES 6
BrandonS
Head in the Cloud

Re: STP LoopGuard on Access Ports

I agree and have always learned loop guard is for inter switch links only.  It may not be related to the underlying issue, but I would turn it off for IP phone ports.  

 

What's the make/model of IP phones and what are they connecting to?  And what is the history of the problem?  Did they work fine and then stop or they never worked?

ToryDav
Getting noticed

Re: STP LoopGuard on Access Ports

Hey @BrandonS Thanks taking a few minutes to talk through it all with me. 

The phones are new, they set-up Ring Central and put Polycom's in place.

Polycom VVX 250, 350, 450 and Polycom Trio 8800.

They have been having these issues since October and I'm just recently getting involved. 

Problems include:
Random reboots
One-way audio
Calls drop
Poor Quality

We are addressing QoS and Bandwidth concerns for the audio issues, but I am looking at the ports to see why they might be rebooting. 

Nothing really sticks out other than the LoopGuard config.

BrandonS
Head in the Cloud

Re: STP LoopGuard on Access Ports

Besides loop guard if you still have issues there must be some configuration problem or other issue in that environment.  I am both a Cisco and RingCentral reseller and have many working installations with those same phones working fine.  

 

There is nothing special to configure for RingCentral in most cases.  Exceptions would be if you have a severe security posture in place and may need explicitly allow RingCentral IP blocks as an example.

 

Firewall for this instance is an MX?  I have seen people do silly things like setup static NAT and/or port forwards for hosted voice services like this that can cause issues.  There is also/always some chance if you have IDS/IPS enabled it can cause odd issues.  Is there a single WAN connection?  Trying to load balance can be problematic for hosted voice sometimes.  What type of internet service and handoff?  

 

 

 

 

 

 

ToryDav
Getting noticed

Re: STP LoopGuard on Access Ports

@BrandonS 


Meraki MX is not in play. It is an ASA 5516-X managed through FMC. 

Single WAN, 50 up and down just got upgraded to 200 Meg or will be soon -- > Spectrum

I will find out about IDS/IPS, I didn't see any static NAT.

BrandonS
Head in the Cloud

Re: STP LoopGuard on Access Ports

My finger would be pointing at the ASA.. Maybe a simple way to confirm that is to take one phone home or to another network to prove it works fine. Or, maybe you can find a way to bypass the ASA. Then ask the team that manages the ASA to fix it..

 

Here is everything you should need to know about Ringcentral: https://support.ringcentral.com/article/9233.html

 

Good luck. 

View solution in original post

GIdenJoe
Head in the Cloud

Re: STP LoopGuard on Access Ports

That person that configured loop guard on endpoint ports does not understand STP.

It only makes sense to use BPDU guard on access ports to endpoints.

 

Since I haven't seen any Meraki network using OOB cloud access I have never been able to implement loop guard because dashboard configuration does not allow it.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.