09-30-2016 03:45 AM
I’ve got a customer issue that is preventing an expansion plan.
They have PC’s behind IP phones and are concerned that when the PC reboots after a patch install that because they have an IP phone connected the port state doesn’t (or new MAC detection) that the A/C agent doesn’t perform posture validation.
Is there anything we can do?
Below is the long TAC case
http://wwwin-tools.cisco.com/casekwery/getServiceRequest.do?id=680942643
Solved! Go to Solution.
09-30-2016 04:35 AM
What kind of iphones do they have Tim? If Cisco, are they running dot1x auth or doing posture only? If so then either proxy eapol-logoff or cdp second port disconnect feature may work:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Dot1X_Deployment/Dot1x_Dep_Guide.html#wp386903
George
Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.
09-30-2016 04:35 AM
What kind of iphones do they have Tim? If Cisco, are they running dot1x auth or doing posture only? If so then either proxy eapol-logoff or cdp second port disconnect feature may work:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Dot1X_Deployment/Dot1x_Dep_Guide.html#wp386903
George
Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.
10-03-2016 02:53 AM
Hi George. Thanks for the note.
They are running dot1x and doing posture with Anyconnect. It's looking to be a switch bug rather than an A/C client.
Tim
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide