Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC L3 OOB VoIP

I've configured a CAM and CAS as both L2 OOB and have enabled L3 support with Real IP. I have a remote site that uses Avaya 4610SW VoIP phones. Both the CAM and CAS reside locally with no CAS at the remote site.

I'm able to get full functionality with VoIP phones and clients connected to the phones from a Layer 2 perspective, however when I try and get the remote office VoIP phone/client combo, it doesn't work. When I remove the phone and plug the client machine directly to the switchport, it works, so I'm sure the PBR and GRE configs are correct.

From my readings, I know that you need to exclude the mac addresses of the phones, and when I have done testing from a Layer 2 perspective, it works without a problem. The problem that I am seeing is that the mac address of the phone is not being picked up by the NAC. I'm aware that mac addresses are stripped off for L3, but I have no idea how to get this to work. The profile has been set up to not bounce the port, mac address notification vs linkup/down, etc.

Any ideas would be greatly appreciated.

Thanks

Jeff

3 REPLIES

Re: NAC L3 OOB VoIP

Jeff,

In this scenario, the L3 stripping off the MACs doesn't apply. If you are controlling the switch on the remote site with CAM and sending MAC-Notifications to the CAM, those notifications would include the MAC of your phone.

You have to make sure that the MAC addresses of those phones are in the "IGNORE" filter on your CAM and not ALLOW filter. This essentially tells the CAM that when the switch reports a new MAC on the switchport, and if it's in the IGNORE filter, to ignore that MAC and now switch the port back to AUTH vlan.

HTH,

Faisal

New Member

Re: NAC L3 OOB VoIP

Thanks Faisal.

We configured the CAM to ignore the MAC addresses of the phone. The issue seems to be is that the CAM is not able to pick up the MAC address of the phone in the L3 OOB deployment. It only sees the MAC of the desktop, not the phone.

When we did the testing at L2, the CAM picks up the MAC of the phone without a problem and everything works fine.

Any suggestions?

Thanks

Jeff

Re: NAC L3 OOB VoIP

Jeff,

Best tackled in a TAC case. You would have to enable the logging to TRACE for the SNMP categories and then look at the CAM logs to see what is being sent to the CAM in the traps. Alternatively you can also capture the traffic and see what is being sent.

HTH,

Faisal

186
Views
0
Helpful
3
Replies