Cisco IP Phones, Unified Video Advantage and Jabber Video Chat software is blocked when Symantec Endpoint Protection's (SEP) Network Threat Protection (NTP) component is installed. This occurs when the default SEP NTP rules are used.
SEP Traffic Logs show ethernet protocol traffic with multicast addresses 01-00-0c-cc-cc-cc or 01-00-0c-cc-cc-cd being blocked by the SEP firewall.
These devices/software use the Cisco Discovery Protocol (CDP) which is a proprietary layer 2 network protocol developed by Cisco Systems. This protocol is used on Cisco equipment and is used to share information about other directly connected Cisco equipment, such as the operating system version and IP address. Cisco devices send CDP announcements to the multicast destination address 01-00-0c-cc-cc-cc / cd and it is blocked by NTP. CdpPacketWdmCvl.sys is the Cisco Discover Protocol Packet driver.
SEP does not recognize this traffic with the default firewall policy. As such, it is blocked by the "Block all other traffic" rule.
Create a rule in the firewall to allow MAC Address 01-00-0c-cc-cc-cc and 01-00-0c-cc-cc-cd as well as Ethernet Protocols 0x10b and 0x2000.