cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1129
Views
0
Helpful
9
Replies

Ip phone issue

rajasbha
Level 1
Level 1

Hi,

I am using  cisco  L2 NAC OOB real ip and OOB virtual  IP .

Now when users conencted to the same ip phone port , that port has to be kept unmanaged due to phone authentication and as a result , nac is never used on the machines conencted to IP phone

Any solution would be helpful

9 Replies 9

Faisal Sehbai
Level 7
Level 7

Raja,

You have to put the phone's MAC address on the CAM as an IGNORE filter list. This way the CAM ignores the MAC notifications coming with the phone's MAC address and authenticate/posture-assess the PC only.

More details on IPT setup with CCA here:

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_oob.html#wp1191758

HTH,

Faisal

Hi,

Thanks

But if I do not save a separate voice vlan , is there any other option available

rgds

Rajashree,

So your voice traffic uses the data vlan also?

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

Hi,

Thks for ur help  Faisal

Unfortunately we do not have a separate vlan .

Any  workaround ?

Regs

Rajashree,

Unfortunately not any good solutions then. When you have both your phone and data going through the same vlan, then you can try putting the phone MAC address in the IGNORE filter list and hope for the best that your voice quality doesn't drop. Theoratically it should work since CAM should ignore the phone's MAC address, but you'll have to also adjust your port profile to ignore any new MAC addresses.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

Hi,

I tested with filters , but when I bounce the pc 's  port the ip phone is also rebooting at that time .( which i dont want)

I do not want the ip phone to change vlan .at the time when Pc goes to authenticating vlan.

I suppose this cannot be achived without a separate vlan

I want to crate a separate voice vlan .

Can any one point out the steps required for OOB virtual gateway  for IP phone . I am also using AD sso  for authentication

Thanks in advance

Hi,

Regarding SSO please take a look into the config example:

http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a0080884229.shtml.

OOB VG for IPT:

https://supportforums.cisco.com/docs/DOC-13892.

HTH,

Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

Hi,

Thanks so much for the pdf.

Now I got it partly working i.e : now ip phone does not bounce.

But when I disconnect the lan or I bounce the lan  port , pc does not go to the authentication vlan.

I do not get a pop up each time when I log into the pc

My authentication vlan is vlan 400.Creat ed a voice vlan 10 and access vlan is 1 .

but when I bounce the port , my pc does not go to vlan 400

Thanks in advance for ur help

Are sending SNMP linkup/linkdown traps to the CAM?  Do you have the port profile configured to remove the user from the OOB list and move it back to the auth VLAN when it receives a linkdown trap?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: