  • 1.  Wired Port Access LLDP Drops Client VLAN assignment

    Posted Aug 21, 2024 01:47 PM
    Hi All,
    We have witnessed numerous AP-635 and Polycom phone reboots that we suspect are caused by LLDP port access role failures/mismatches/disconnects. We believe this because the show LLDP neighbor-info port indicates the following for related interfaces:
    Neighbor Entries Deleted       : 84
    Neighbor Entries Dropped       : 0
    Neighbor Entries Aged-Out      : 84
    Access: 6300M Versions 10.13.1010 and 1040 (on some test stacks with no difference in issue)
    Core: 8325-48Y8C Version 10.13.1040
    I have already opened a TAC case but we are about to begin the fall semester and do not want phones rebooting in the middle of important conversations. We can put a bandaid on it by statically configuring the VLAN, but prefer not to take that step back before exhausting all other options.
    LLDP Global Configuration
    =========================
     
    LLDP Enabled                 : Yes
    LLDP Transmit Interval       : 30
    LLDP Hold Time Multiplier    : 4
    LLDP Transmit Delay Interval : 2
    LLDP Reinit Time Interval    : 2
    LLDP Trap Enabled            : No
     
    TLVs Advertised 
    ===============
     
    Management Address 
    Port Description 
    Port VLAN-ID 
    System Capabilities 
    System Description 
    System Name 
    OUI 
    Port VLAN-Name 
    Dot1 Link Aggregation 
     
    LLDP Port Configuration
    =======================
     
    PORT           TX-ENABLED          RX-ENABLED          INTF-TRAP-ENABLED  
    --------------------------------------------------------------------------
    1/1/1-1/1/48         Yes                 Yes                 Yes             
    Port-Access config:
    ============================

    port-access lldp-group aruba-ap
         seq 10 match sys-desc ArubaOS
    port-access lldp-group poly
         seq 10 match sys-desc Poly
    port-access role ArubaAP
        client-inactivity timeout none 
        session-timeout 31536000
        mtu 9198
        poe-priority high
        reauth-period 31536000
        vlan access name AP-Interconnect
    port-access role VoIP
        poe-priority critical
        trust-mode dscp
        vlan trunk native 72
        vlan trunk allowed 72,700

    port-access device-profile ArubaAP
        enable
        associate role ArubaAP
        associate lldp-group aruba-ap
    port-access device-profile VoIP
        enable
        associate role VoIP
        associate lldp-group poly
    port-access auto-vlan

    Config of one of the problem phone interfaces:

    ==================================
    Hemmingson-0W# show running-config interface 2/1/42
    interface 2/1/42
        description JK:0WR1B42:Rm:010E:svc::
        no shutdown 
        mtu 9198
        apply policy VLAN0072-Policy in
        apply policy VLAN0072-Policy out
        no routing
        vlan access 72
        rate-limit unknown-unicast 1024 kbps
        rate-limit broadcast 1024 kbps
        rate-limit multicast 25000 kbps
        rate-limit icmp ip-all 1024 kbps
        client track ip enable
        client track ip update-interval 300
        apply fault-monitor profile port-faults
        loop-protect
        loop-protect vlan 700

    exit

    Sometimes LLDP shows incomplete, as if the interface had not received LLDP data:

    Hemmingson-0W# show lldp neighbor-info 2/1/42

    Port                           : 2/1/42
    Neighbor Entries               : 1
    Neighbor Entries Deleted       : 84
    Neighbor Entries Dropped       : 0
    Neighbor Entries Aged-Out      : 84
    Neighbor System-Name           : 
    Neighbor System-Description    : 
    Neighbor Chassis-ID            : 
    Neighbor Management-Address    : 
    Chassis Capabilities Available : 
    Chassis Capabilities Enabled   : 
    Neighbor Port-ID               : 
    Neighbor Port-Desc             : 
    Neighbor Port VLAN ID          : 
    TTL                            : 

    Other times it shows correctly (show cmds run seconds apart with no interface change):

    Hemmingson-0W# show lldp neighbor-info 2/1/42
     
    Port                           : 2/1/42
    Neighbor Entries               : 1
    Neighbor Entries Deleted       : 84
    Neighbor Entries Dropped       : 0
    Neighbor Entries Aged-Out      : 84
    Neighbor System-Name           : Polycom VVX 501
    Neighbor System-Description    : Polycom;VVX-VVX_501;3111-48500-001,1;SIP/6.4.6.2640/13-Dec-23 14:31;UP/6.4.6.2224/13-Dec-23 14:42;
    Neighbor Chassis-ID            : 10.192.11.255
    Neighbor Management-Address    : 10.192.11.255
    Chassis Capabilities Available : Bridge, Telephone
    Chassis Capabilities Enabled   : Telephone
    Neighbor Port-ID               : 64:16:7f:3e:e4:cd
    Neighbor Port-Desc             : 1
    Neighbor Port VLAN ID          : 
    Neighbor Port VLAN Name        : 
    Neighbor Port MFS              : 0
    Link aggregation supported     : 
    Link aggregation enabled       : 
    Aggregation port ID            : 
    TTL                            : 120
     
    Neighbor PoE information       : MED
    Neighbor Power Type            : PD
    Neighbor Power Priority        : Unknown
    Neighbor Power Source          : BOTH
    PD Requested Power Value       : 8.00 W
    PSE Allocated Power Value      : 8.00 W
    PD Associated TLV              : med
    PD Requested TLV types         : med
     
    Neighbor MED Capabilities
    Neighbor Device class          : CLASS_III
    MED capabilities enabled       : Capabilities, Network Policy, PD, Inventory
    MED capabilities supported     : Capabilities, Network Policy, PD, Inventory
     
    Neighbor Med Network Policy
    Neighbor Med Application type  : video-conference
    Neighbor Med Policy VLAN ID    : 700
    Neighbor Med Policy Priority   : 5
    Neighbor Med Policy DSCP       : 46
    Neighbor Med Policy Unknown    : false
    Neighbor Med Policy Tagged     : true
    Neighbor Med Application type  : voice
    Neighbor Med Policy VLAN ID    : 700
    Neighbor Med Policy Priority   : 5
    Neighbor Med Policy DSCP       : 46
    Neighbor Med Policy Unknown    : false
    Neighbor Med Policy Tagged     : true
    Neighbor Med Application type  : voice-signaling
    Neighbor Med Policy VLAN ID    : 700
    Neighbor Med Policy Priority   : 5
    Neighbor Med Policy DSCP       : 24
    Neighbor Med Policy Unknown    : false
    Neighbor Med Policy Tagged     : true
     
    Neighbor Mac-Phy details
    Neighbor Auto-neg Supported    : true
    Neighbor Auto-Neg Enabled      : true
    Neighbor Auto-Neg Advertised   : 1000 BASE_TFD, 100 BASE_TXFD, 100 BASE_TX, 10 BASET_FD, 10 BASE_T
    Neighbor MAU type              : 1000 BASETFD
     
    Neighbor EEE information       : DOT3
    Neighbor TX Wake time          : 0 us
    Neighbor RX Wake time          : 0 us
    Neighbor Fallback time         : 0 us
    Neighbor TX Echo time          : 0 us
    Neighbor RX Echo time          : 0 us
    Not sure if there is something misconfigured or a bug.

    Here is a log sample corresponding to a link state change and phone reboot:
    Interface 2/1/42 is up 
     Admin state is up
     Link state: up for 11 minutes (since Wed Aug 21 10:22:50 PDT 2024)

    Yes, the cable is good:
                              Cable     Impedance   Distance*   MDI
    Interface        Pinout   Status    (Ohms)      (Meters)    Mode
    ---------------------------------------------------------------------
    2/1/42           1-2      good      85-115      --          mdi
    (5G-SmartRate)   3-6      good      85-115      --          mdi
                     4-5      good      85-115      --          mdi
                     7-8      good      85-115      --          mdi

    Hemmingson-0W# show events -r | include 2/1/42
    2024-08-21T10:24:24.100917-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:24:12.253337-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 172.24.135.72 added on 2/1/42
    2024-08-21T10:24:09.252417-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 172.24.135.72 added on 2/1/42
    2024-08-21T10:24:08.388552-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:24:08.313911-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 0.0.0.0 added on 2/1/42
    2024-08-21T10:24:08.311604-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 172.24.135.72 added on 2/1/42
    2024-08-21T10:24:08.309482-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:24:06.272654-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:23:53.864046-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:23:53.810234-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 0.0.0.0 added on 2/1/42
    2024-08-21T10:23:53.810030-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 172.24.135.72 added on 2/1/42
    2024-08-21T10:23:53.809795-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:23:52.901684-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:23:52.863431-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:23:52.815896-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 0.0.0.0 added on 2/1/42
    2024-08-21T10:23:52.815650-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 172.24.135.72 added on 2/1/42
    2024-08-21T10:23:52.814644-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:23:50.827810-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:23:25.176162-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 0.0.0.0 added on 2/1/42
    2024-08-21T10:23:25.175484-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:23:14.871727-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:23:14.806755-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 0.0.0.0 added on 2/1/42
    2024-08-21T10:23:14.804702-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 172.24.135.72 added on 2/1/42
    2024-08-21T10:23:14.804418-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:23:12.776611-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:22:54.181418-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 0.0.0.0 added on 2/1/42
    2024-08-21T10:22:51.158328-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 0.0.0.0 added on 2/1/42
    2024-08-21T10:22:51.158084-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 172.24.135.72 added on 2/1/42
    2024-08-21T10:22:50.301879-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:22:50.186832-07:00 Hemmingson-0W intfd[927]: Event|403|LOG_INFO|UKWN|1|Link status for interface 2/1/42 is up at 1 Gbps
    2024-08-21T10:22:46.322534-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:22:46.193772-07:00 Hemmingson-0W intfd[927]: Event|404|LOG_INFO|UKWN|1|Link status for interface 2/1/42 is down
    2024-08-21T10:22:35.180500-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 172.24.135.72 added on 2/1/42
    2024-08-21T10:22:34.186358-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 172.24.135.72 added on 2/1/42
    2024-08-21T10:22:32.155329-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:22:30.999380-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:22:30.101736-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:22:30.047491-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:22:29.996074-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:22:28.018258-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:22:17.805643-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:22:17.763895-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:22:17.307109-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:22:17.230520-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:22:17.177195-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:22:15.197907-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:22:07.040039-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:22:06.982037-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:22:04.953006-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:22:02.812199-07:00 Hemmingson-0W lldpd[3955]: Event|113|LOG_INFO|CDTR|1|PVID mismatch on 2/1/42 pvid = 72, Neighbor 10.192.11.255 port_id = 64:16:7f:3e:e4:cd pvid = 0
    2024-08-21T10:22:02.786339-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:22:00.782828-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:22:00.739633-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:21:59.820228-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:21:59.783790-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:21:59.744243-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:21:57.745778-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:21:55.637505-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:21:55.597404-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:21:54.795575-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:21:53.641034-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:21:53.596916-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:21:52.699382-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:21:52.641964-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:21:52.602812-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:21:50.590680-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:21:47.847465-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:21:47.816525-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:21:47.770136-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:21:44.617197-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:21:44.571209-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:21:42.578536-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:21:41.218220-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:21:39.264636-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:21:39.217918-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:21:38.324495-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:21:38.270697-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:21:38.223559-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:21:36.227727-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:21:29.212037-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:21:29.156413-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:21:28.331606-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:21:28.207819-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:21:28.162294-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:21:26.167456-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:21:17.808751-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:21:17.766458-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:21:16.053777-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:21:14.051388-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:21:14.015143-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:21:13.762528-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:21:11.636195-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:21:09.027776-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:21:08.984081-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:21:06.047731-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:21:05.986256-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:21:04.074884-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
    2024-08-21T10:21:01.727781-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
    2024-08-21T10:20:58.777960-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
    2024-08-21T10:20:58.731979-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42


    Any thoughts or suggestions for config changes are appreciated in advance!!!

    Thanks
    Sean


  • 2.  RE: Wired Port Access LLDP Drops Client VLAN assignment

    Posted Aug 22, 2024 04:41 AM

    Not a big fan of device-profiling on a switch, but that's because I tend to do the same with ClearPass; and it should work.

    However, from the logs, it looks like there are two devices on the same port: 172.24.135.72 and 10.192.11.255, where the latter appears to be the IP phone (Polycom VVX 501), but do you know what 172.24.135.72 is? I can fully imagine what happens if you have multiple devices doing LLDP on the same port, as the switch doesn't know which device-profile to apply.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------
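
    One way to check every port for the pattern pointed out above (more than one LLDP neighbor identity on a port, together with rapid access/native-untagged mode changes) is to summarize the `show events` output per port. This is an added example, not part of the original posts: the function names and thresholds are assumptions, 0.0.0.0 entries are ignored on the assumption that they carry no usable identity, and the 1/1/10 lines are constructed for contrast.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime

# Matches the event-log line layout quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ [\w.-]+\[\d+\]: Event\|(?P<event_id>\d+)\|\w+\|\w+\|\d+\|(?P<msg>.*)$"
)
MODE_RE = re.compile(r"The mode for port (?P<port>\S+) changed from \S+ to \S+ on VLAN \d+")
NEIGH_RE = re.compile(r"LLDP neighbor (?P<addr>\S+) added on (?P<port>\S+)")

# Lines copied from the log quoted in the first post (port 2/1/42).
THREAD_LINES = """\
2024-08-21T10:24:24.100917-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
2024-08-21T10:24:12.253337-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 172.24.135.72 added on 2/1/42
2024-08-21T10:24:08.388552-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
2024-08-21T10:24:08.313911-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 0.0.0.0 added on 2/1/42
2024-08-21T10:24:08.311604-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 172.24.135.72 added on 2/1/42
2024-08-21T10:24:08.309482-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.11.255 added on 2/1/42
2024-08-21T10:24:06.272654-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from native-untagged to access on VLAN 72
2024-08-21T10:23:53.864046-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 2/1/42 changed from access to native-untagged on VLAN 72
"""

# Constructed lines (not from the thread): a quiet port with a single neighbor.
CONSTRUCTED_LINES = """\
2024-08-21T10:20:02.000000-07:00 Example-SW lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 192.0.2.10 added on 1/1/10
2024-08-21T10:20:00.000000-07:00 Example-SW ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 1/1/10 changed from access to native-untagged on VLAN 72
"""

SAMPLE = THREAD_LINES + CONSTRUCTED_LINES


@dataclass
class PortStats:
    mode_changes: int = 0
    neighbors: set = field(default_factory=set)
    stamps: list = field(default_factory=list)

    @property
    def changes_per_minute(self):
        if not self.stamps:
            return 0.0
        span = (max(self.stamps) - min(self.stamps)).total_seconds()
        # Windows shorter than a minute are treated as one minute.
        return self.mode_changes / max(span / 60.0, 1.0)


def analyse(log_text, ignore=("0.0.0.0",)):
    """Return {port: PortStats} from event-log text; line order does not matter."""
    stats = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        mode = MODE_RE.search(m["msg"])
        neigh = NEIGH_RE.search(m["msg"])
        hit = mode or neigh
        if not hit:
            continue
        st = stats.setdefault(hit["port"], PortStats())
        st.stamps.append(datetime.fromisoformat(m["ts"]))
        if mode:
            st.mode_changes += 1
        elif neigh["addr"] not in ignore:
            st.neighbors.add(neigh["addr"])
    return stats


def flag_ports(stats, max_neighbors=1, max_changes_per_minute=3.0):
    """Return {port: [reasons]} for ports exceeding the (assumed) thresholds."""
    findings = {}
    for port, st in stats.items():
        reasons = []
        if len(st.neighbors) > max_neighbors:
            reasons.append("multiple-lldp-neighbors")
        if st.changes_per_minute >= max_changes_per_minute:
            reasons.append("mode-flapping")
        if reasons:
            findings[port] = reasons
    return findings


if __name__ == "__main__":
    for port, reasons in flag_ports(analyse(SAMPLE)).items():
        print(port, ", ".join(reasons))
```

    Feeding it the full `show events -r` output, or the syslog server's copy, gives the same per-port summary across a whole stack.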



  • 3.  RE: Wired Port Access LLDP Drops Client VLAN assignment

    Posted Sep 05, 2024 06:46 PM

    Hi Herman,

    I had noticed that as well. We have not been able to narrow down why that IP is showing up everywhere. There are actually 2 that show up all over campus related to Polycom phones of various models (172.24.130.15 and 172.24.135.72). Have you ever heard of these IPs showing up on networks this way? I dug through logs, and they show up as far back as the syslog server logs 3/8/2024, about 6 months. It is the oddest thing that I cannot explain. Most occurrences take place in the same building where we see the phone issues the most. So not quite a red herring. The IPs seem to associate with phones as they are conducting LLDP transactions. They even show up as the assigned IP for a moment if I run "show lldp neighbor" against a phone's port at the right time. We checked for DHCP servers, but snooping is enabled and does not indicate we have a rogue server based on dhcpv4 snooping stats.

    show dhcpv4-snooping statistics

     Packet-Type  Action   Reason                         Count
     -----------  -------  -----------------------------  ---------
     server       forward  from trusted port              46564
     client       forward  to trusted port                38190
     server       drop     received on untrusted port     0
     server       drop     unauthorized server            0
     client       drop     destination on untrusted port  2225
     client       drop     untrusted option 82 field      0
     client       drop     bad DHCP release request       0
     client       drop     failed verify MAC check        0
     client       drop     failed on max-binding limit    0

    Hemmingson-0W# show events -r | include 3/1/20 
    2024-09-05T15:35:43.638210-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 172.24.135.72 added on 3/1/20
    2024-09-05T15:35:13.637952-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 172.24.135.72 added on 3/1/20
    2024-09-05T15:34:43.639386-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.13.19 added on 3/1/20
    2024-09-05T15:34:09.634409-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 0.0.0.0 added on 3/1/20
    2024-09-05T15:34:08.643530-07:00 Hemmingson-0W lldpd[3955]: Event|106|LOG_INFO|CDTR|1|LLDP neighbor 0.0.0.0 deleted on 3/1/20
    2024-09-05T15:34:08.643291-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 0.0.0.0 added on 3/1/20
    2024-09-05T15:33:50.625835-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.13.19 added on 3/1/20
    2024-09-05T15:33:48.667446-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from access to native-untagged on VLAN 72
    2024-09-05T15:33:47.738697-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from native-untagged to access on VLAN 72
    2024-09-05T15:33:47.658371-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 172.24.135.72 added on 3/1/20
    2024-09-05T15:33:47.657981-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.13.19 added on 3/1/20
    2024-09-05T15:33:46.450846-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from access to native-untagged on VLAN 72
    2024-09-05T15:33:46.400726-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.13.19 added on 3/1/20
    2024-09-05T15:33:45.609423-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from native-untagged to access on VLAN 72
    2024-09-05T15:33:45.575833-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from access to native-untagged on VLAN 72
    2024-09-05T15:33:43.490275-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from native-untagged to access on VLAN 72
    2024-09-05T15:33:43.447156-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from access to native-untagged on VLAN 72
    2024-09-05T15:33:43.433606-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.13.19 added on 3/1/20
    2024-09-05T15:33:43.403555-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.13.19 added on 3/1/20
    2024-09-05T15:33:41.406903-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from native-untagged to access on VLAN 72
    2024-09-05T15:33:38.287522-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from access to native-untagged on VLAN 72
    2024-09-05T15:33:38.232778-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.13.19 added on 3/1/20
    2024-09-05T15:33:37.451636-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from native-untagged to access on VLAN 72
    2024-09-05T15:33:36.275290-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from access to native-untagged on VLAN 72
    2024-09-05T15:33:36.232008-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.13.19 added on 3/1/20
    2024-09-05T15:33:35.391293-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from native-untagged to access on VLAN 72
    2024-09-05T15:33:35.313664-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from access to native-untagged on VLAN 72
    2024-09-05T15:33:35.240557-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.13.19 added on 3/1/20
    2024-09-05T15:33:33.211024-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from native-untagged to access on VLAN 72
    2024-09-05T15:33:23.458663-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from access to native-untagged on VLAN 72
    2024-09-05T15:33:23.423533-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.13.19 added on 3/1/20
    2024-09-05T15:33:22.788588-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from native-untagged to access on VLAN 72
    2024-09-05T15:33:20.558364-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from access to native-untagged on VLAN 72
    2024-09-05T15:33:20.483277-07:00 Hemmingson-0W lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 10.192.13.19 added on 3/1/20
    2024-09-05T15:33:18.418772-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from native-untagged to access on VLAN 72
    2024-09-05T15:33:09.213625-07:00 Hemmingson-0W ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from access to native-untagged on VLAN 72

    Any thoughts on how to block these IPs?

    I implemented class ip and added it to policy for global inbound but nothing changed as seen in the logs above taken hours after applying the policy change. Perhaps safe to assume the phones are generating this traffic....?

    class ip 172-24-Block
        10 match any 172.24.130.15 any
        20 match any any 172.24.130.15
        30 match any any 172.24.135.72
        40 match any 172.24.135.72 any

    policy IPv6
        10 class ipv6 IPv6 action drop 
        20 class ip 172-24-Block action drop 

    apply policy IPv6 in

    Thanks in advance for any help!!




  • 4.  RE: Wired Port Access LLDP Drops Client VLAN assignment

    Posted Sep 16, 2024 03:35 AM

    Have you performed a packet capture on a port with one of those phones? It may help to better understand what is happening; and there may be a setting in the phone that enables/disables this behavior. Also, if you see the phone using multiple MAC/IP, you may contact their support. The LLDP profiling feature may just conflict with what these phones do.

    I remember seeing something similar, where the phone 'reflected' traffic back between the voice VLAN and the native VLAN (or another VLAN), causing issues by letting the switch think that devices moved behind the phone, which they had not in reality. Packet capture/port mirror will probably make clear what is happening. Using ClearPass (or similar RADIUS) and multi-auth or multi-host may work as well in this case if it's 'just' two MAC/IPs, as well as to authenticate the devices behind the phone.

    For TAC, this doesn't sound like a 'standard issue', so if you have not yet done so, make sure the case is escalated to more advanced engineers.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 5.  RE: Wired Port Access LLDP Drops Client VLAN assignment

    Posted Sep 16, 2024 12:03 PM
    Edited by cochranes Sep 16, 2024 12:15 PM

    Hi Herman,

    "Have you performed a packet capture on a port with one of those phones"
    We have taken a few captures, mirroring traffic from one of the phone ports, but it was not really enlightening. Over half an hour, all I captured were some IGMP packets (used the unknown IPs as search filters).


    21037 2024/236    17:12:26.959069120    172.24.130.15    224.0.1.116    IGMPv2    60    Membership Report group    224.0.1.116

    20893 2024/236    17:12:12.389594155    172.24.135.72    224.0.1.116    IGMPv2    60    Membership Report group    224.0.1.116 


    My team and I will look into the phone settings again and check for multiple MAC/IP config or settings.

    To address your earlier concern/comment-
    "Not a big fan of device-profiling on a switch, but that's because I tend to do the same with ClearPass; and it should work"
    I have already built out processes for this in ClearPass that we will be migrating to in our next phase of ZTNA.

    Also, we do have a support ticket escalated to engineering at this time, and they have communicated well. I will report back any relevant findings.

    Thanks again Herman!




  • 6.  RE: Wired Port Access LLDP Drops Client VLAN assignment

    Posted Sep 23, 2024 06:23 AM

    Do you have the source MAC addresses as well for those IGMPv2 messages? Are these the same or different from the phone?

    It's still a mystery to me where these come from... if you solved it, please let us know how.



    ------------------------------
    Herman Robers
    ------------------------------



  • 7.  RE: Wired Port Access LLDP Drops Client VLAN assignment

    Posted Sep 23, 2024 04:20 PM

    Hi Herman,

    I private messaged you a sample of the phone's traffic if you want to dive through out of curiosity.

    "Are these the same or different from the phone?"
    Yes, the MAC address associated to those packets is the same as the phone.





  • 8.  RE: Wired Port Access LLDP Drops Client VLAN assignment
    Best Answer

    Posted Oct 15, 2024 12:51 PM
    Edited by cochranes Oct 15, 2024 12:54 PM

    Hello Herman and Community,

    The issue has been identified as a bug. The bug is triggered by having some interfaces configured as "no lldp receive", which causes the bug to strip LLDP-assigned profiles from other LLDP-receive-enabled interfaces shortly after being assigned, causing thrashing of VLAN assignment as seen in the logs. The issue was more prominent in one switch stack, which is also where we had the most interfaces configured as "no lldp receive".

    We are currently on version 10.13.1040, but we think we have had the issue on all versions since 10.10.

    I have been updated today that they are currently working on the fix that they expect to include in November's patch release.

    Thanks!
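
Added example (not from the original posts or from the vendor): a Python check that parses switch event logs in the format quoted in this thread and flags ports whose VLAN mode thrashes, the symptom described in the post above. The 60-second window, the threshold of four changes, and the sample hostname and addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the event-log format quoted in this thread (placeholder host and IPs).
SAMPLE_LOG = """\
2024-01-01T10:00:00.100000-07:00 sw-example ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from native-untagged to access on VLAN 72
2024-01-01T10:00:02.200000-07:00 sw-example lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 192.0.2.19 added on 3/1/20
2024-01-01T10:00:02.300000-07:00 sw-example ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from access to native-untagged on VLAN 72
2024-01-01T10:00:05.000000-07:00 sw-example ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from native-untagged to access on VLAN 72
2024-01-01T10:00:07.100000-07:00 sw-example lldpd[3955]: Event|104|LOG_INFO|CDTR|1|LLDP neighbor 192.0.2.19 added on 3/1/20
2024-01-01T10:00:07.200000-07:00 sw-example ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 3/1/20 changed from access to native-untagged on VLAN 72
2024-01-01T10:05:00.100000-07:00 sw-example ops-switchd[1086]: Event|2107|LOG_INFO|CDTR|1|The mode for port 1/1/5 changed from access to native-untagged on VLAN 72
"""

MODE_RE = re.compile(r"^(\S+) \S+ ops-switchd\[\d+\]: Event\|2107\|.*The mode for port (\S+) "
                     r"changed from (\S+) to (\S+) on VLAN (\d+)")
ADD_RE = re.compile(r"^(\S+) \S+ lldpd\[\d+\]: Event\|104\|.*LLDP neighbor (\S+) added on (\S+)")

def parse(log):
    """Return per-port mode-change timestamps and per-port LLDP neighbor-add counts."""
    modes, adds = defaultdict(list), defaultdict(lambda: defaultdict(int))
    for line in log.splitlines():
        if m := MODE_RE.match(line.strip()):
            modes[m.group(2)].append(datetime.fromisoformat(m.group(1)))
        elif m := ADD_RE.match(line.strip()):
            adds[m.group(3)][m.group(2)] += 1
    return modes, adds

def max_in_window(times, window):
    """Largest number of events that fall inside any window of the given length."""
    times, best, start = sorted(times), 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def flapping_ports(log, window_s=60, min_changes=4):
    """Ports whose mode changed at least min_changes times within window_s seconds."""
    modes, adds = parse(log)
    report = {}
    for port, times in modes.items():
        burst = max_in_window(times, timedelta(seconds=window_s))
        if burst >= min_changes:
            # Repeated "added" events for one neighbor suggest it was removed and relearned.
            relearned = {n: c for n, c in adds[port].items() if c > 1}
            report[port] = {"mode_changes_in_window": burst, "relearned_neighbors": relearned}
    return report
```

Timestamps are sorted before counting, so the newest-first ordering of the log excerpts in this thread works unchanged.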




  • 9.  RE: Wired Port Access LLDP Drops Client VLAN assignment

    Posted Oct 16, 2024 06:23 AM

    Thanks for the update. Good to know the root cause was found and there will be a fix.



    ------------------------------
    Herman Robers
    ------------------------------