We are in the process of implementing NAC. Our initial rollout is going to use the NAC for 2 purposes.
1. Control switchports that have phones attached and are publicly accessible. We would like for only the phones to work on those ports.
2. Control the conference room ports to allow guest and employee access.
As we stand right now, we have successfully completed both, but we may be having some issues.
The Conference room phone (7937) is configured as a switchport access vlan. The MAC address is set up in the global list and set to Allow.
I attempted to set it to ignore but then the port never goes to the blackhole vlan.
Our goal is to make sure that if any device that is in the filtered list plugs into that port, it is placed on the proper vlan, but if any other device plugs in, it is blackholed. This is working fine, but I got reports that this phone lost connectivity to UCM 2 times during a call yesterday. This has not happened prior to introducing the NAC. Is there a better way to have this configured? I don't want to sacrifice stability for the sake of security.