Cisco IP Phones, Unified Video Advantage and Jabber Video Chat software is blocked when Symantec Endpoint Protection's (SEP) Network Threat Protection (NTP) component is installed. This occurs when the default SEP NTP rules are used.
SEP Traffic Logs show ethernet protocol traffic with multicast addresses 01-00-0c-cc-cc-cc or 01-00-0c-cc-cc-cd being blocked by the SEP firewall.
These devices/software use the Cisco Discovery Protocol (CDP) which is a proprietary layer 2 network protocol developed by Cisco Systems. This protocol is used on Cisco equipment and is used to share information about other directly connected Cisco equipment, such as the operating system version and IP address. Cisco devices send CDP announcements to the multicast destination address 01-00-0c-cc-cc-cc / cd and it is blocked by NTP. CdpPacketWdmCvl.sys is the Cisco Discover Protocol Packet driver.
SEP does not recognize this traffic with the default firewall policy. As such, it is blocked by the "Block all other traffic" rule.
Create a rule in the firewall to allow MAC Address 01-00-0c-cc-cc-cc and 01-00-0c-cc-cc-cd as well as Ethernet Protocols 0x10b and 0x2000.
Log in to Symantec Endpoint Protection Manager.
Click on the Policy tab
Edit the Firewall Policy
Click on Add Blank Rule
Rename it to something meaningful (i.e. Allow CDP Packets)
Action should be Allow
Open the Host List and set to Source/Destination
Then click Add under Destination
Select MAC address from the drop down menu
Add the MAC Addresses 01-00-0c-cc-cc-cc and 01-00-0c-cc-cc-cd
Open the Service List
Click Add and select Ethernet under the Protocol drop down.
Add the 0x10b and direction set to Both
Repeat above to also include the 0x2000 protocol with direction set to Both
Apply the policy to the client groups as applicable.
Imported Document ID: TECH105234
Subscribing will provide email updates when this Article is updated. Login is required.