Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
953
Views
0
Helpful
5
Replies

NAC 4.7.2 - Clients behind an IP Phone

DON GOODLIN
Level 1
Level 1

‎06-02-2010 07:52 AM - edited ‎02-21-2020 03:58 AM

I am currently running NAC appliance version 4.7.2 in OOB virtual gateway.  I have Cisco Cat 3560G PoE switches and 7945 Ip Phones.

My voice Vlan is Vlan4 and one of my data Vlan's is Vlan121.

I have added the MAC address of my IP phone to the filter list and my client behind the IP Phone is authenticating properly to the NAC.

My question is, when I shut down my computer or disconnect my network cable, I am not prompted to authenticate via the NAC client.

Is there a way to cause clients behind an IP Phone to authenticate when they shut down or is this just a symptom of being behind an IP Phone?

For clients not behind an IP Phone, everything works great.

We have several people using the client behind the IP Phone and they need to be assigned the proper Vlan based on their log in user role.

Thanks in advance,

Don

0 Helpful
5 Replies 5

Faisal Sehbai
Level 7
Level 7

‎06-04-2010 01:56 PM

Don,

OOB Logoff feature is coming in 4.8, out due this summer. Currently NAC has no way of knowing when a machine is logged off behind an IP phone. If the machine is shutdown however and brought back up again, it should generate a mac-notification which would place the port in the auth vlan again.

Make sure you're using Mac-Notification for your switches also.

Faisal

0 Helpful

DON GOODLIN
Level 1
Level 1
In response to Faisal Sehbai

‎06-05-2010 02:25 PM

Thanks, nice to know logoff will be here in 4.8.

I currently do shut down my laptop and bring it home over night.  The next morning when I connect it to my IP phone, it still is not prompted with a log in.  I currently do have MAC-Notification turned on.

Thanks,

Don

0 Helpful

Faisal Sehbai
Level 7
Level 7
In response to DON GOODLIN

‎06-06-2010 08:52 PM

Don,

Post the show running-config from your switch and the SNMP setup screens from your CAM.

Faisal

0 Helpful

DON GOODLIN
Level 1
Level 1
In response to Faisal Sehbai

‎06-07-2010 07:19 AM

I have attached a pdf showing the config.

Preview file
124 KB
0 Helpful

jenrooksoutlook
Level 1
Level 1
In response to DON GOODLIN

‎04-02-2015 02:00 AM

Thanks Goodlin for your question. We are also using CISCO 7945 in our office and have the same problem. But after going through your fourm and couple of blogs about the NAC client.

 

Anyhow, I am sharing the blog here for future reads for users who face the same problem (Blog about Cisco 7945)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card