I've configured a CAM and CAS as both L2 OOB and have enabled L3 support with Real IP. I have a remote site that uses Avaya 4610SW VoIP phones. Both the CAM and CAS reside locally with no CAS at the remote site.
I'm able to get full functionality with VoIP phones and clients connected to the phones from a Layer 2 perspective, however when I try and get the remote office VoIP phone/client combo, it doesn't work. When I remove the phone and plug the client machine directly to the switchport, it works, so I'm sure the PBR and GRE configs are correct.
From my readings, I know that you need to exclude the MAC addresses of the phones, and when I have done testing from a Layer 2 perspective, it works without a problem. The problem that I am seeing is that the MAC address of the phone is not being picked up by the NAC. I'm aware that MAC addresses are stripped off for L3, but I have no idea how to get this to work. The profile has been set up to not bounce the port, MAC address notification vs linkup/down, etc.
In this scenario, the L3 stripping off the MACs doesn't apply. If you are controlling the switch on the remote site with CAM and sending MAC-Notifications to the CAM, those notifications would include the MAC of your phone.
You have to make sure that the MAC addresses of those phones are in the "IGNORE" filter on your CAM and not ALLOW filter. This essentially tells the CAM that when the switch reports a new MAC on the switchport, and if it's in the IGNORE filter, to ignore that MAC and now switch the port back to AUTH vlan.
We configured the CAM to ignore the MAC addresses of the phone. The issue seems to be that the CAM is not able to pick up the MAC address of the phone in the L3 OOB deployment. It only sees the MAC of the desktop, not the phone.
When we did the testing at L2, the CAM picks up the MAC of the phone without a problem and everything works fine.
Best tackled in a TAC case. You would have to enable the logging to TRACE for the SNMP categories and then look at the CAM logs to see what is being sent to the CAM in the traps. Alternatively you can also capture the traffic and see what is being sent.
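Editor's added example, not part of the thread and not Cisco code: once a MAC-notification trap has been pulled out of a capture, this decodes its `cmnHistMacChangedMsg` payload (11-octet tuples as defined in CISCO-MAC-NOTIFICATION-MIB) and reports which expected MACs the switch never announced as learnt. The sample payload, the MAC addresses and the helper names are constructed for illustration.

```python
import struct

OPS = {1: "learnt", 2: "removed"}
TUPLE_LEN = 11  # 1 octet operation + 2 VLAN + 6 MAC + 2 dot1dBasePort


def decode_mac_changed_msg(payload: bytes):
    """Decode a cmnHistMacChangedMsg octet string into a list of events."""
    events = []
    offset = 0
    while offset < len(payload):
        op = payload[offset]
        if op == 0:  # operation 0 marks the end of the object
            break
        chunk = payload[offset:offset + TUPLE_LEN]
        if len(chunk) < TUPLE_LEN:
            raise ValueError(f"truncated tuple at offset {offset}")
        _, vlan, mac, port = struct.unpack("!BH6sH", chunk)
        events.append({
            "op": OPS.get(op, f"unknown({op})"),
            "vlan": vlan,
            "mac": ":".join(f"{b:02x}" for b in mac),
            "port": port,
        })
        offset += TUPLE_LEN
    return events


def unreported(events, expected_macs):
    """Return the expected MACs that no trap tuple reported as learnt."""
    seen = {e["mac"] for e in events if e["op"] == "learnt"}
    return sorted(m.lower() for m in expected_macs if m.lower() not in seen)


# Constructed payload: one "learnt" tuple (VLAN 20, desktop MAC, port 5), then end marker.
SAMPLE = bytes.fromhex("01" "0014" "001122334455" "0005" "00")
# Constructed phone MAC that should be matched by the IGNORE filter.
PHONE_MACS = ["00:04:0D:AA:BB:CC"]

if __name__ == "__main__":
    evts = decode_mac_changed_msg(SAMPLE)
    for e in evts:
        print(e)
    print("never reported as learnt:", unreported(evts, PHONE_MACS))
```

If the phone's MAC shows up here but not in the CAM, the problem is on the CAM side; if it is missing from the payload, the switch is not reporting it.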