Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Problem with Aastra IP Phone and 802.1x

I'm running Aastra IP-phones with 802.1X on Cisco 2960-switches 15.0(2)SE2 and 12.2(55)SE5.

Both phones and clients are authenticated and works fine. My problem is that the phone does not drop the clients mac address when the client is disconnected. It is not possible to disconnect the client from the phone and connect the client either after another phone or directly to a switch port. It does not help to reload the PC or release IP address or even disconnect the client over night. The phone still advertises the client mac address along with it's own. The only thing that works is to disconnect the client and reload the phone.

Authentication mac-move permit is configured on the client but has no effect.

There is no problem to move clients that is directly connected to a switch port. So it seems like the phone don't want to release the client mac address.

Phones are not configured by me. Is there anyone else who has the same problem?

Port config-example:

switchport mode access

switchport voice vlan 10

no logging event link-status

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

priority-queue out

authentication host-mode multi-domain

authentication port-control auto

authentication violation protect

mls qos trust cos

dot1x pae authenticator

auto qos voip trust

spanning-tree portfast

Hall of Fame Super Gold

Re: Problem with Aastra IP Phone and 802.1x

If you believe it's a problem with the phone, you should bring the issue to the phone vendor.

New Member

Problem with Aastra IP Phone and 802.1x

Thank you, Paolo!

Yes, I have. And waited for months for an answer. Five minutes after I put my question here, I got answer that there will be released a new firmware for the phone:

The phone will send eapol logoff to the switch using PC's mac if the PC is removed from phone.

The problem should be solved in this release. So I hope for the best!