We are about to implement IP phones to our current network and during testing I have found 2 issues.
1- ip phone connects to a protected port using ISE mab authentication for the data network.
The voice VLAN is set up static on the port. The pc VLAN is given by ISE profiling.
Then the issue is that once the pc connects to the VLAN it belongs to from the ip phone it leaves open that vlan on that port which means that if I connect another pc it will get the original VLAN the port had open up the connection with. This is a big security issue as computers that should not be allowed on specific VLAN can access them this way.
2- once the connection is up and running on the port for both the phone and the pc, there is re-authentication Happening every minute to ISE. The Authentication logs are getting so many messages for just one port. So once we convert from 2 ip phones to 500, that is definitely going to generate a lot of unnecessary traffic.
Let me know your thoughts...thanks
Port config info....below
description Extra port by Camilos Desk
switchport mode access
switchport voice vlan 220
srr-queue bandwidth share 1 30 35 5
authentication event fail action next-method
authentication event server alive action reinitialize
"authentication host-mode multi-domain" command is under each port
This will allow one voice vlan and only one PC vlan at any given time. If you disconnect a PC and connect onother PC mac address to it, the phone will reinitialize to accept or reject the new mac based on its profile.
I have not found a solution. But what I have found after deployment is that it has happend only on 2 VOIP phones, out of 70 that we have as of now. So it might to be related to ISE.
On the other hand we are not using Cisco phones but mitel. So this might be a whole issueon itself.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...