We are experiencing an issue with authenticating user PCs on the network when they are connected through a Cisco IP phone. This was previously working fine, but since a switch IOS upgrade, we are seeing sporadic errors where the user's MAC address does not appear on the port.
Below is our switchport config that has been working and is working just about everywhere else, apart from in a few odd areas. The switch is a C2960X running version 15.2(6r)E.
interface GigabitEthernet3/0/23
 switchport access vlan 101
 switchport mode access
 switchport voice vlan 108
 authentication event fail action next-method
 authentication host-mode multi-auth
 authentication open
 authentication order mab dot1x
 authentication priority mab dot1x
 authentication port-control auto
 authentication timer reauthenticate server
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout tx-period 2
 spanning-tree portfast edge
end
When using the config above we see the phone is working in voice VLAN but we do not see the PC MAC address.
NPCM202-A-1#sh mac ad int gi3/0/23
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 108    005f.8691.99eb    STATIC      Gi3/0/23
Total Mac Addresses for this criterion: 1
If we change the config on the port, remove all the authentication config and statically assign the access and voice VLAN as below, then the MAC address of the PC shows up. Authentication is done by Cisco ISE policy using MAB.
interface GigabitEthernet3/0/23
 switchport access vlan 200
 switchport mode access
 switchport voice vlan 108
 mls qos trust cos
 spanning-tree portfast edge
end
NPCM202-A-1#sh mac ad int gi3/0/23
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 108    005f.8691.99eb    DYNAMIC     Gi3/0/23
 200    005f.8691.99eb    DYNAMIC     Gi3/0/23
Total Mac Addresses for this criterion: 2