09-27-2010 12:57 AM - edited 03-09-2019 11:10 PM
Hi,
I am using cisco L2 NAC OOB real ip and OOB virtual IP .
Now when users conencted to the same ip phone port , that port has to be kept unmanaged due to phone authentication and as a result , nac is never used on the machines conencted to IP phone
Any solution would be helpful
09-27-2010 08:38 AM
Raja,
You have to put the phone's MAC address on the CAM as an IGNORE filter list. This way the CAM ignores the MAC notifications coming with the phone's MAC address and authenticate/posture-assess the PC only.
More details on IPT setup with CCA here:
HTH,
Faisal
10-03-2010 11:53 PM
Hi,
Thanks
But if I do not save a separate voice vlan , is there any other option available
rgds
10-04-2010 01:36 PM
Rajashree,
So your voice traffic uses the data vlan also?
Faisal
--
If you find this post helpful, please rate so others can find the answer easily
10-05-2010 01:21 AM
Hi,
Thks for ur help Faisal
Unfortunately we do not have a separate vlan .
Any workaround ?
Regs
10-05-2010 07:26 PM
Rajashree,
Unfortunately not any good solutions then. When you have both your phone and data going through the same vlan, then you can try putting the phone MAC address in the IGNORE filter list and hope for the best that your voice quality doesn't drop. Theoratically it should work since CAM should ignore the phone's MAC address, but you'll have to also adjust your port profile to ignore any new MAC addresses.
HTH,
Faisal
--
If you find this post helpful, please rate so others can find the answer easily
11-08-2010 10:34 PM
Hi,
I tested with filters , but when I bounce the pc 's port the ip phone is also rebooting at that time .( which i dont want)
I do not want the ip phone to change vlan .at the time when Pc goes to authenticating vlan.
I suppose this cannot be achived without a separate vlan
I want to crate a separate voice vlan .
Can any one point out the steps required for OOB virtual gateway for IP phone . I am also using AD sso for authentication
Thanks in advance
11-09-2010 01:39 AM
Hi,
Regarding SSO please take a look into the config example:
http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a0080884229.shtml.
OOB VG for IPT:
https://supportforums.cisco.com/docs/DOC-13892.
HTH,
Tiago
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
11-10-2010 08:25 PM
Hi,
Thanks so much for the pdf.
Now I got it partly working i.e : now ip phone does not bounce.
But when I disconnect the lan or I bounce the lan port , pc does not go to the authentication vlan.
I do not get a pop up each time when I log into the pc
My authentication vlan is vlan 400.Creat ed a voice vlan 10 and access vlan is 1 .
but when I bounce the port , my pc does not go to vlan 400
Thanks in advance for ur help
11-12-2010 05:39 AM
Are sending SNMP linkup/linkdown traps to the CAM? Do you have the port profile configured to remove the user from the OOB list and move it back to the auth VLAN when it receives a linkdown trap?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: