Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAC through an IP phone

Hey guys,

We have just implemented NAC (L2 IP) and have it working on switchports assigned to a data VLAN. We are however having problems checking PC's that are hooked into a phone. The phone is on a voice vlan and the pc is on the data vlan. I would really appreciate if someone could post a working config that uses NAC L2 IP on either a 3550 or 3560 with IP phones on seperate VLAN's then PC's but plugged into a single port. Also, anyone know if Cisco plan's on rolling out L3 IP NAC to 3550's and 3560's with the IP services and above image, and if so when?

Thanks, and I will award points for any helpful answers.

  • Other Security Subjects
New Member

Re: NAC through an IP phone

Hello - Which version of the Clean Access NAC software are you running?

I would assume that you've got the voice vlan not being managed by the CAS; therefore, it would just be a matter of adding each mac address for all of your phones to the Device Management->Filters list with the ignore action. Then you will need to go to the Switch Management\Port Profile and make sure that the Change VLAN according to global device filter list option is selected and it might be a good idea to also check 'Remove out-of-band online user when SNMP linkdown trap is received.'. I would assume that you are also using SNMP linkdown traps and not just linkup notification?

Hope this helps.