Hi,

We have a problem with 802.1x configuration via IP Phone.

PC (win7 with certificate)-------IP Phone (7911, 9.2.1s firmware)-----switch (2960, lab base 12.2(58)SE2)

Configuration on the port on the switch:

interface FastEthernet0/3

switchport access vlan 699

switchport mode access

switchport voice vlan 746

switchport port-security maximum 2

switchport port-security

switchport port-security mac-address sticky

switchport port-security mac-address sticky 0019.dbdd.42d4

switchport port-security mac-address sticky 001f.ca35.43c4 vlan voice

srr-queue bandwidth share 10 10 60 20

priority-queue out

authentication event fail retry 0 action authorize vlan 357

authentication event server dead action authorize vlan 82

authentication event no-response action authorize vlan 357

authentication event server alive action reinitialize

authentication port-control auto

authentication timer restart 0

mls qos trust device cisco-phone

mls qos trust cos

macro description cisco-phone

dot1x pae authenticator

dot1x timeout tx-period 5

auto qos voip cisco-phone

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

service-policy input AutoQoS-Police-CiscoPhone

After shutting down the PC, port are moving in the d0t1x unauthorized state, but it is also removing sticky MAC address from the port configuration! Without sticky keyword, with adding static mac address via portsecurity on the port, everything is working fine, but I can not understand why dot1x port state are also removing sticky mac address ?

Most interesting part is that this is not happening if PC is directly connected to the switch, not via IP Phone.

Any idea?

Thank You in advance