cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3881
Views
0
Helpful
3
Replies

MITEL 5224 and 802.1X Authentication

Hi Folks,

 

A bit of a weird one.

 

Have deployed IEEE 802.1X on wired network in 'Monitor Mode' with a view towards 'Low Impact' mode later this year.  Having some issues at a particular site where certain MITEL 5224 IP Phones are working, whilst others are struggling.

 

The handsets that are struggling don't even register their mac-address with the local mac-table and (obviously) don't get an IP address.

 

The problem is exacerbated by two factors; (i) current working conditions preventing site access for hands-on troubleshooting and (ii) some MITEL 5224 IP phones connected to the same switch work fine.

 

I've been told that "no changes have been made to MITEL equipment".  Standard.

 

The LAN switches are Catalyst 9300 running IOS-XE 16.9.5 and have been rebooted recently.  We've also moved non-working phones to a working port and they fire up!  Similarly, a previously working phone is moved to a "non-working" switchport and it fails. 

 

So the problem does not seem to be following the phones around but the switchport configs are identical!!....

 

You may not have the answer, but I need some fresh input here to spark some "out of the box" thinking. Please.

1 Accepted Solution

Accepted Solutions

Hi,

Similar experience with different IOS-XE images. I have never seen this
listed as a bug, but I think its a bug when it comes to voice and data
domains. If I remove the voice checkbox from ISE and configure the port as
access with the voice vlan instead of data (or trunk with nativa vlan as
voice vlan), it works fine.

I ended up having my pre-auth ACL to allow voice-voice communication in
addition to DHCP and deny everything else.


**** please remember to rate useful posts

View solution in original post

3 Replies 3

Colby LeMaire
VIP Alumni
VIP Alumni

Assuming the configurations are identical on all the ports.  Is there any rhyme or reason to which ports are working which ones are not?  For example, ports 1-12 don't work but 13-24 do?  Are you plugging directly into the switchport or to a wall jack?  Any equipment in the physical path at all such as transceivers or hubs?

pan
Cisco Employee
Cisco Employee

Do you see authentication happening on the swithcport? What do you see in span capture of the port?

Hi,

Similar experience with different IOS-XE images. I have never seen this
listed as a bug, but I think its a bug when it comes to voice and data
domains. If I remove the voice checkbox from ISE and configure the port as
access with the voice vlan instead of data (or trunk with nativa vlan as
voice vlan), it works fine.

I ended up having my pre-auth ACL to allow voice-voice communication in
addition to DHCP and deny everything else.


**** please remember to rate useful posts