Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
285
Views
0
Helpful
1
Replies

Posture on Machine Behind IP Phone with power adapter

Go to solution
Neelesh Marathe
Cisco Employee
Cisco Employee

‎10-23-2018 02:26 AM

Team,

 

I am working with one of the Banks in India. They are running dot1x and posture on windows endpoints and IP Phones are getting authenticated using MAB. Edge switches are not PoE and IP Phones get power through power adapter. We are facing challenge in scenario where system is connected behind IP Phone. 

 

When I remove machine cable from IP Phone, posture works fine and machine becomes compliant.

 

When I remove switch cable from IP Phone, IP phone network gets disconnected however IP Phone stays powered on as it is using external power. Machine network stays also connected and posture status on module does not get changed. Now when I plug the switch cable again in IP Phone, both phone and  Machine get authenticated however posture module will not able to detect the network change. I tried enabling VLAN detection, periodic probing however it did not work

 

We are using following AnyConnect 4.4.04030 and compliance module 3611098.2

 

I am seeking your guidance for next course of action

 

Thanks,

Neelesh Marathe

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎10-23-2018 07:26 PM

If the PC not performing DOT1X after restoring the connectivity between the switch and the IP phone, then the user would have to un-plug and re-plug-in the cable of the PC. If DOT1X happens, then try Posture Enhancements in ISE 2.4 and AC 4.6.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
hslai
Cisco Employee
Cisco Employee

‎10-23-2018 07:26 PM

If the PC not performing DOT1X after restoring the connectivity between the switch and the IP phone, then the user would have to un-plug and re-plug-in the cable of the PC. If DOT1X happens, then try Posture Enhancements in ISE 2.4 and AC 4.6.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents