07-07-2021 07:03 PM
I took over for a network engineer who left and I'm trying to configure a Cisco 3650 with IOS-XE version 16.12 to work with some Avaya 9608Gs with Application File 7.1.6.0.8. There's a Cisco ISE server that allows it on the network using mab but doesn't push the VLAN to it. All IPs come from a windows DHCP server on VLAN 100 for Voice and VLAN 50 for Data.
I know my switch configuration is the problem because the phones are able to correctly get on the correct VLAN and subnet when I plug the phones on one of the other switches. I enabled LLDP on the switch using lldp run and when I do a show lldp entry [device], i get the below:
Switch#sh lldp entry AVX7F0000
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
------------------------------------------------
Local Intf: Gi1/0/47
Chassis id: 10.10.252.250
Port id: c81f.ea0f.b300
Port Description - not advertised
System Name: AVX7F0000
System Description - not advertised
Time remaining: 115 seconds
System Capabilities: B,T
Enabled Capabilities: B
Management Addresses:
............................
The above in bold with System Capabilities for Bridge and Telephone are available for the device but only Bridge is enabled under Enabled Capabilities. Anyone know what would cause that or how to force the switch to enable the device as a telephone? Could this be causing my IP issue? I really don't see any difference between my configuration and other configuration of the other switches.
Thank you
07-07-2021 07:43 PM
Hi,
What is you switch port config. Was the other switch you tested the phone on a 3650 running 16.12?. This could be bug in 16.12
Thanks
John
07-07-2021 08:41 PM
Hi John,
All the switches are running the same IOS-XE version, 16.12. Below is my port configuration.
interface GigabitEthernet1/0/40
switchport access vlan 50
switchport mode access
switchport voice vlan 100
authentication event fail action next-method
authentication event server dead action authorize vlan 50
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
snmp trap mac-notification change added
snmp trap mac-notification change removed
dot1x pae authenticator
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
!
07-08-2021 06:12 AM - edited 07-08-2021 06:12 AM
Is it possible that this is an older Avaya phone that derives the voice VLAN from DHCP options when it issues a DHCP request in the untagged VLAN? I am not an Avaya expert, but I do recall some years back that this was how Avaya phones learned the tagged/voice VLAN.
07-08-2021 03:45 PM
Hi Elliot, unfortunately that is not the case as I specified above, the phones have no problem getting an IP address on any other switch on the network - just the one that I cnfigured.
07-08-2021 04:10 PM
Does it still fail to get on the voice VLAN if you temporarily turn off the 802.1x?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide