09-30-2016 03:45 AM
I’ve got a customer issue that is preventing an expansion plan.
They have PCs behind IP phones and are concerned that when the PC reboots after a patch install that because they have an IP phone connected the port state doesn’t (or new MAC detection) that the A/C agent doesn’t perform posture validation.
Is there anything we can do?
Below is the long TAC case
http://wwwin-tools.cisco.com/casekwery/getServiceRequest.do?id=680942643
09-30-2016 04:35 AM
What kind of IP phones do they have, Tim? If Cisco, are they running dot1x auth or doing posture only? If so, then either the proxy EAPoL-Logoff or the CDP second port disconnect feature may work:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Dot1X_Deployment/Dot1x_Dep_Guide.html#wp386903
George
Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.
10-03-2016 02:53 AM
Hi George. Thanks for the note.
They are running dot1x and doing posture with AnyConnect. It's looking to be a switch bug rather than an A/C client.
Tim