Cisco IP Phones, Unified Video Advantage and Jabber Video Chat software is blocked when Symantec Endpoint Protection's (SEP) Network Threat Protection (NTP) component is installed. This occurs when the default SEP NTP rules are used.
SEP Traffic Logs show ethernet protocol traffic with multicast addresses 01-00-0c-cc-cc-cc or 01-00-0c-cc-cc-cd being blocked by the SEP firewall.
These devices/software use the Cisco Discovery Protocol (CDP) which is a proprietary layer 2 network protocol developed by Cisco Systems. This protocol is used on Cisco equipment and is used to share information about other directly connected Cisco equipment, such as the operating system version and IP address. Cisco devices send CDP announcements to the multicast destination address 01-00-0c-cc-cc-cc / cd and it is blocked by NTP. CdpPacketWdmCvl.sys is the Cisco Discover Protocol Packet driver.
SEP does not recognize this traffic with the default firewall policy. As such, it is blocked by the "Block all other traffic" rule.
Create a rule in the firewall to allow MAC Address 01-00-0c-cc-cc-cc and 01-00-0c-cc-cc-cd as well as Ethernet Protocols 0x10b and 0x2000.
Log in to Symantec Endpoint Protection Manager.
Click on the Policy tab
Edit the Firewall Policy
Click on Add Blank Rule
Rename it to something meaningful (i.e. Allow CDP Packets)
Action should be Allow
Open the Host List and set to Source/Destination
Then click Add under Destination
Select MAC address from the drop down menu
Add the MAC Addresses 01-00-0c-cc-cc-cc and 01-00-0c-cc-cc-cd
Open the Service List
Click Add and select Ethernet under the Protocol drop down.
Add the 0x10b and direction set to Both
Repeat above to also include the 0x2000 protocol with direction set to Both
Apply the policy to the client groups as applicable.
Imported Document Id
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.