NAC L3 OOB VoIP

Unanswered Question
Nov 13th, 2009

I've configured a CAM and CAS as both L2 OOB and have enabled L3 support with Real IP. I have a remote site that uses Avaya 4610SW VoIP phones. Both the CAM and CAS reside locally with no CAS at the remote site.


I'm able to get full functionality with VoIP phones and clients connected to the phones from a Layer 2 perspective; however, when I try the remote office VoIP phone/client combo, it doesn't work. When I remove the phone and plug the client machine directly into the switchport, it works, so I'm sure the PBR and GRE configs are correct.


From my readings, I know that you need to exclude the MAC addresses of the phones, and when I have done testing from a Layer 2 perspective, it works without a problem. The problem that I am seeing is that the MAC address of the phone is not being picked up by the NAC. I'm aware that MAC addresses are stripped off for L3, but I have no idea how to get this to work. The profile has been set up to not bounce the port, MAC address notification vs linkup/down, etc.


Any ideas would be greatly appreciated.


Thanks

Jeff



Faisal Sehbai Fri, 11/13/2009 - 09:32

Jeff,


In this scenario, the L3 stripping off the MACs doesn't apply. If you are controlling the switch on the remote site with CAM and sending MAC-Notifications to the CAM, those notifications would include the MAC of your phone.


You have to make sure that the MAC addresses of those phones are in the "IGNORE" filter on your CAM and not the ALLOW filter. This essentially tells the CAM that when the switch reports a new MAC on the switchport, and if it's in the IGNORE filter, to ignore that MAC and now switch the port back to AUTH VLAN.


HTH,

Faisal

j.ridgers Mon, 11/16/2009 - 08:19

Thanks Faisal.


We configured the CAM to ignore the MAC addresses of the phone. The issue seems to be that the CAM is not able to pick up the MAC address of the phone in the L3 OOB deployment. It only sees the MAC of the desktop, not the phone.


When we did the testing at L2, the CAM picks up the MAC of the phone without a problem and everything works fine.


Any suggestions?


Thanks

Jeff

Faisal Sehbai Mon, 11/16/2009 - 17:55

Jeff,


Best tackled in a TAC case. You would have to enable the logging to TRACE for the SNMP categories and then look at the CAM logs to see what is being sent to the CAM in the traps. Alternatively you can also capture the traffic and see what is being sent.


HTH,

Faisal
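Added example, not part of the thread and not Cisco tooling: with a capture of the traps in hand, as suggested above, this Python code decodes the `cmnHistMacChangedMsg` payload of a MAC-notification trap (11-octet tuples as defined in CISCO-MAC-NOTIFICATION-MIB) and reports which expected phone MACs the switch never announced. The payload bytes and MAC addresses are constructed, and pulling the varbind out of the capture is assumed to have been done already.

```python
import struct

# cmnHistMacChangedMsg layout per CISCO-MAC-NOTIFICATION-MIB: repeated 11-octet
# tuples <operation:1><VLAN:2><MAC:6><dot1dBasePort:2>, ended by operation 0.
OPERATIONS = {1: "learnt", 2: "removed"}
TUPLE = struct.Struct("!BH6sH")


def normalise(mac: str) -> str:
    """Accept aa:bb.., aa-bb.. or Cisco aabb.ccdd.eeff and return aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def decode_mac_changed_msg(payload: bytes):
    """Return a list of (operation, vlan, mac, port) from one trap varbind."""
    events, offset = [], 0
    while offset < len(payload):
        if payload[offset] == 0:  # end-of-object marker
            break
        if len(payload) - offset < TUPLE.size:
            raise ValueError(f"truncated tuple at offset {offset}")
        op, vlan, mac, port = TUPLE.unpack_from(payload, offset)
        if op not in OPERATIONS:
            raise ValueError(f"unknown operation {op} at offset {offset}")
        events.append((OPERATIONS[op], vlan, mac.hex(":"), port))
        offset += TUPLE.size
    return events


def macs_missing_from_traps(events, expected_macs):
    """Expected MACs (for example the phones) that no 'learnt' event reported."""
    learnt = {mac for op, _, mac, _ in events if op == "learnt"}
    return sorted(m for m in map(normalise, expected_macs) if m not in learnt)


# Constructed sample: only the desktop MAC is learnt on VLAN 10, bridge port 5.
SAMPLE_PAYLOAD = (bytes([1]) + (10).to_bytes(2, "big")
                  + bytes.fromhex("020000aabb01") + (5).to_bytes(2, "big") + b"\x00")
EXPECTED_PHONES = ["0200.00AA.BB02"]  # constructed phone MAC, Cisco dotted form

if __name__ == "__main__":
    decoded = decode_mac_changed_msg(SAMPLE_PAYLOAD)
    print(decoded)
    print("not reported by switch:", macs_missing_from_traps(decoded, EXPECTED_PHONES))
```

A phone MAC listed as missing here means the switch never sent it, so the CAM filter is not the place to look.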
