I have been reading the forums about NAC and IP Phones, Cisco and non-Cisco. Can somebody help me understand how NAC works with LLDP and CDP for phones? Will it automatically bypass the phone since they will be on the voice VLAN? Or how does that work? The previous forums seem to be a bit confusing around this subject, especially LLDP.
We had a very strange issue where about 25% of NAC-ed users were getting booted back to the Auth VLAN once a day, twice a day, twice a week? It was very random. A couple of users were getting thrown into the Auth VLAN every minute. I had to un-NAC their switch port to get them (and me) some relief.
In the end we found that the 7960s of the users experiencing the issue were not in the Filter List on NAC. NAC was getting notified about the phone MAC and toggling the port to the Auth VLAN. This of course had no impact on the phone (on the Voice VLAN). But the PC was getting dumped into the Auth VLAN, so the Agent had to rerun/reauth.
Big caveat: I'm a NAC Novice. I'm not making any claims that CDP is irrelevant, unnecessary, or otherwise dismissable. I'm just sharing my microscopic experience with our NAC install.
PS: we now use Profiler to populate the Filter List. It wasn't yet in production when we had the issue.
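An added example to go with the post above (not code from the original thread, from Cisco NAC or from Profiler): a small Python script that takes neighbor records learned over LLDP or CDP, decides which ones are phones from their advertised capabilities, and reports the phone MACs that are missing from a NAC filter list, which is exactly the gap that caused the PCs behind those 7960s to be dumped into the Auth VLAN. The neighbor records and the filter list are constructed sample data; the record layout (`port`, `mac`, `proto`, `caps`) is my own and not any vendor's export format. The LLDP capability bits follow the IEEE 802.1AB System Capabilities TLV, and the CDP letter codes are the ones IOS prints in `show cdp neighbors` (P = Phone).

```python
"""Report IP phones learned via LLDP/CDP whose MACs are not in a NAC filter list.

Added example for this thread; not Cisco NAC or Profiler code.
All neighbor and filter-list data below is constructed.
"""
import re

# IEEE 802.1AB System Capabilities TLV bit values.
LLDP_CAPS = {1: "Other", 2: "Repeater", 4: "Bridge", 8: "WLAN-AP",
             16: "Router", 32: "Telephone", 64: "DOCSIS", 128: "Station"}
LLDP_TELEPHONE = 32

# CDP capability codes as printed by IOS 'show cdp neighbors'.
CDP_CAPS = {"R": "Router", "T": "Trans-Bridge", "B": "Source-Route-Bridge",
            "S": "Switch", "H": "Host", "I": "IGMP", "r": "Repeater",
            "P": "Phone", "M": "Two-port Mac Relay"}


def normalize_mac(mac):
    """Accept Cisco dotted (0012.3456.789a), colon or dash forms; return aa:bb:cc:dd:ee:ff."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def lldp_is_phone(caps_bitmask):
    """True if the LLDP System Capabilities bitmask has the Telephone bit set."""
    return bool(caps_bitmask & LLDP_TELEPHONE)


def lldp_describe(caps_bitmask):
    """Human-readable list of the set LLDP capability bits, e.g. ['Bridge', 'Telephone']."""
    return [name for bit, name in sorted(LLDP_CAPS.items()) if caps_bitmask & bit]


def cdp_is_phone(caps_codes):
    """True if the space-separated CDP capability string contains the Phone code."""
    return "P" in caps_codes.split()


def phone_macs(neighbors):
    """Map normalized MAC -> switch port for every neighbor that advertises itself as a phone."""
    phones = {}
    for n in neighbors:
        if n["proto"] == "lldp":
            is_phone = lldp_is_phone(n["caps"])
        elif n["proto"] == "cdp":
            is_phone = cdp_is_phone(n["caps"])
        else:
            raise ValueError(f"unknown discovery protocol: {n['proto']!r}")
        if is_phone:
            phones[normalize_mac(n["mac"])] = n["port"]
    return phones


def missing_from_filter(neighbors, filter_list):
    """Phones NAC would still challenge: present on a port but absent from the filter list."""
    filtered = {normalize_mac(m) for m in filter_list}
    return {mac: port for mac, port in phone_macs(neighbors).items() if mac not in filtered}


# Constructed sample data: four neighbors, one of them a PC, and a filter
# list that already contains only the phone on Gi1/0/5.
NEIGHBORS = [
    {"port": "Gi1/0/5", "mac": "0012.3456.789a",    "proto": "cdp",  "caps": "H P M"},
    {"port": "Gi1/0/6", "mac": "00:1B:D4:AA:BB:CC", "proto": "lldp", "caps": 0x24},  # Bridge + Telephone
    {"port": "Gi1/0/7", "mac": "0050.56ab.cdef",    "proto": "lldp", "caps": 0x80},  # Station only: a PC
    {"port": "Gi1/0/8", "mac": "001b.d4dd.eeff",    "proto": "cdp",  "caps": "H P M"},
]
FILTER_LIST = {"00:12:34:56:78:9a"}

if __name__ == "__main__":
    for mac, port in sorted(missing_from_filter(NEIGHBORS, FILTER_LIST).items()):
        print(f"{port}: phone {mac} is NOT in the NAC filter list")
```

Run against the sample data it reports the phones on Gi1/0/6 and Gi1/0/8 as unfiltered; the PC on Gi1/0/7 is ignored because it only advertises Station capability. Feeding it the real neighbor table of each access switch gives the same list Profiler would otherwise build, and a nightly diff of that output against the filter list is a cheap way to catch a newly plugged-in phone before its MAC starts bouncing the port.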
We have configured the outside and inside interface with official IPv6 addresses, set a default route on the outside interface to our router, and we also have defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...