Issues with MAC Address passthrough - Mitel Phones

Eager_2_Learn
Level 1

Hi,

Not sure if this is the correct location to post this, but we are experiencing some problems within our network.

The problem relates to Mitel IP Phones and MAC address pass through from a laptop at the other end of said phone back to the switch.

It's pretty identical to this person's post here: re-learn the PC MAC issue - Cisco Community.

Our setup is as follows:

Eager_2_Learn_0-1717405743522.png

When you have laptop1 plugged into a dock, which is hanging off a phone, phone into switch - no issues.

However, if you disconnect laptop1 and plug in another device (laptop2) to the same phone, a security violation occurs (due to authentication host-mode multi-domain). The port retains the old MAC from laptop1 and does not drop it to replace with laptop2. See diagram below:

Eager_2_Learn_1-1717405928449.png

So I carried out further testing with a few more scenarios and everything (in my mind) points to the phone being an issue:

Eager_2_Learn_2-1717405989135.png

Eager_2_Learn_3-1717406011501.png

Eager_2_Learn_4-1717406027972.png

The ports are set up with the following config:

interface GigabitEthernetX/X/X
 description test port
 switchport access vlan XX
 switchport mode access
 switchport voice vlan XX
 device-tracking attach-policy IPDT_POLICY
 no logging event link-status
 authentication event fail action authorize vlan XX
 authentication event server dead action authorize vlan XX
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-domain
 authentication order mab dot1x
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication violation restrict
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout tx-period 10
 auto qos trust
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
 service-policy output AutoQos-4.0-Output-Policy

I know the multi-domain is the reason why the violation occurs from the switch perspective. I would like to understand if there is any other potential reason why this might occur, besides some strange behavior happening on the phone?

I am asking our comms team to raise with the vendor, just wanted some Cisco perspective / has anyone ever experienced this also?

This occurs on 3 separate types of Mitel Phones tested and Cisco 3850s / 9300s.

Many Thanks!
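
A small Python model of the behaviour described in the post above, added here as an illustration; it is not part of the original post and is not Cisco or Mitel code. It assumes a multi-domain port has one data and one voice session slot and that, while the phone keeps the link up, a data session ends only on a notification from the phone or an inactivity timeout. The `restrict` and `replace` values mirror the IOS `authentication violation` keywords; `Port`, `swap_laptops` and the MAC labels are hypothetical.

```python
# Added example: simplified model of a multi-domain port; MAC labels are constructed.
from dataclasses import dataclass, field

@dataclass
class Port:
    """One access port in multi-domain mode: one data slot, one voice slot."""
    violation: str = "restrict"   # models 'authentication violation restrict|replace'
    inactivity: int = 0           # idle seconds before a session is cleared; 0 = never
    sessions: dict = field(default_factory=dict)  # domain -> (mac, last_seen)
    log: list = field(default_factory=list)

    def _expire(self, now):
        if self.inactivity:
            for domain, (_, seen) in list(self.sessions.items()):
                if now - seen >= self.inactivity:
                    del self.sessions[domain]

    def frame(self, mac, domain, now):
        """Handle a frame from mac; return True if the port forwards it."""
        self._expire(now)
        held = self.sessions.get(domain)
        if held is None or held[0] == mac:
            self.sessions[domain] = (mac, now)  # authenticate new host or refresh
            return True
        # The slot still belongs to another MAC: security violation.
        self.log.append(f"t={now}s violation in {domain} domain: new {mac}, held {held[0]}")
        if self.violation == "replace":
            self.sessions[domain] = (mac, now)  # old session removed, new host authenticated
            return True
        return False                            # restrict: new host's traffic is dropped

    def pc_port_down_notice(self):
        """The phone tells the switch that the device behind it has gone."""
        self.sessions.pop("data", None)

def swap_laptops(port, phone_notifies=False, gap=120):
    """laptop1 authenticates and is unplugged; laptop2 appears gap seconds later (link stays up)."""
    port.frame("phone", "voice", 0)
    port.frame("laptop1", "data", 0)
    if phone_notifies:
        port.pc_port_down_notice()
    return port.frame("laptop2", "data", gap)

if __name__ == "__main__":
    for name, port, notify in [("restrict, silent phone", Port(), False),
                               ("restrict, phone notifies", Port(), True),
                               ("restrict + 60s inactivity", Port(inactivity=60), False),
                               ("replace, silent phone", Port(violation="replace"), False)]:
        print(f"{name:28} laptop2 forwarded: {swap_laptops(port, notify)}  {port.log}")
```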
