Enforcing MACsec on Computer connected behind IP Phone

Walker
Beginner

I have a lab set up and I have been tinkering with pushing MACsec policies using EAP-TLS to workstations. When I have a workstation connected to an interface, everything works as intended. Link is secured using MACsec. When I plug in an IP phone to the port and connect the workstation behind the phone, it seems MKA cannot negotiate properly and the link fails.

Has anyone been able to get a working configuration in order for a situation like this? I'm wondering if MACsec is just not supported in a situation like this. There is not much official Cisco documentation on Switch-to-Host MACsec and if there is, it's pretty vague but I interpret the language as if it should work. Could there be an IP phone setting that must be tweaked in order to get it in working order? Unfortunately I do not have access to our CUCM or IP phone device settings.

My current setup is: Cisco 9300 > Cisco 8851NR IP Phone > HP Workstation Win11 using AnyConnect NAM

Any information is appreciated!