I have this situation: my customer is using Alcatel IP phones for his IP telephony, and I already configured a Device Filter list with the MAC of the phone so the NAS can ignore its MAC, and also enabled the "Change VLAN according to device filter list" option in the port profile, but as soon as the user logs into the network the port changes to the authentication VLAN again and the user is out of the network.
What I've noticed is that when the NAM takes control of the switch via SNMP, the MAC addresses that are learned from the port that is connected to the IP phone are coming up and down many times. I mean, when I run the command show mac-address-table int f0/1, sometimes the MACs are there and sometimes not, and I think the switch is sending this trap to the NAM and that's why the VLAN goes back to the authentication VLAN.
I thought that could be an SNMP issue, and I upgraded the IOS in the switch and also tried with a different one, but it is the same situation.
Is there something else that I have to do to have NAC working with users connected to IP phones?
With Cisco NAC Appliance Out-of-Band deployment, the Clean Access Server (CAS) is inline with user traffic only during the process of authentication, assessment and remediation. Following that, user traffic does not pass through the CAS. In OOB deployment, the Clean Access Manager (CAM) uses SNMP to control switches and set VLAN assignments for ports.
Have had an opportunity to check the chalktalk presentation on CCO for NAC/IP Phone implementation. It covers the routine for this type of deployment very well.
In short, with Cisco IP phones, you use the Data and Voice VLAN commands on the port connected to the IP phone. This is an update to the older configurations where you configured the port as a dot1q trunk.
For other than Cisco IP phones (Alcatel), you have to configure the port as a trunk. NAC will see the native VLAN as the data VLAN, and change it when doing the OOB switch to the Auth/Access VLAN, leaving your "voice" VLAN alone.
Also, be sure you do not have port bouncing configured for the controlled switch port profile.
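The two port layouts described in the reply above, as an added configuration sketch that is not part of the original thread. The interface numbers and VLAN IDs 100 (authentication) and 200 (access) are constructed for illustration; VLAN 10 as the voice VLAN is taken from a later post in this thread.

```cisco
! Constructed example: VLAN 100 = authentication, VLAN 200 = access,
! VLAN 10 = voice. Adjust to the VLANs defined in the CAM port profile.
!
! Case 1: Cisco IP phone. Access port with separate data and voice VLANs.
! The CAM changes only the access (data) VLAN over SNMP.
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 100
 switchport voice vlan 10
 spanning-tree portfast
!
! Case 2: non-Cisco IP phone (for example Alcatel). 802.1Q trunk.
! The PC behind the phone sends untagged frames, so the native VLAN
! is the data VLAN that the CAM moves between 100 and 200.
! The phone tags its own traffic with VLAN 10, which stays untouched.
interface FastEthernet0/1
 ! The next line is needed only on platforms that also support ISL.
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 100
 switchport trunk allowed vlan 10,100,200
 spanning-tree portfast trunk
```

In case 2 the phone itself must tag voice traffic with the voice VLAN, and the PC port on the phone must pass untagged traffic, so that only the PC follows the native VLAN change.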
Hi, I did the same, but the IP phones are not working. After that I changed the VLAN settings in the IP phone as shown below.
Here the interface which leads to the PC from the IP phone is manually configured for VLAN 10 (voice VLAN). After this NAC started to give issues. I am coming back to my question: did you make any changes to the IP phone settings? If not, can anyone provide a solution for the same?