06-13-2013 06:02 AM - edited 03-18-2019 01:17 AM
We are using Cisco ISE and 802.1x for authentication. We have an authorization profile that assigns device-traffic-class=voice to IP phones and puts the units on the VOICE vlan.
I am trying to move the Telepresence units (in this case SX20) to this VOICE vlan by assigning it to the same profiles. As far as i can see this works fine.
Apr 2 03:59:45.246: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/33, changed state to down
Apr 2 03:59:47.553: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/33, changed state to up
Apr 2 03:59:48.041: %AUTHMGR-5-START: Starting 'mab' for client (d867.d971.e31a) on Interface Gi1/0/33 AuditSessionID 0A1C000100217CB10FFE96EA
Apr 2 03:59:48.554: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/33, changed state to up
Apr 2 03:59:48.575: %SWITCH_QOS_TB-5-TRUST_DEVICE_DETECTED: cisco-phone detected on port Gi1/0/33, port's configured trust state is now operational.
Apr 2 03:59:51.275: %MAB-5-SUCCESS: Authentication successful for client (d867.d971.e31a) on Interface Gi1/0/33 AuditSessionID 0A1C000100217CB10FFE96EA
Apr 2 03:59:51.454: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (d867.d971.e31a) on Interface Gi1/0/33 AuditSessionID 0A1C000100217CB10FFE96EA
Apr 2 03:59:51.459: %EPM-6-POLICY_REQ: IP 0.0.0.0| MAC d867.d971.e31a| AuditSessionID 0A1C000100217CB10FFE96EA| AUTHTYPE DOT1X| EVENT APPLY
Apr 2 03:59:51.459: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL| EVENT Auth-Default-ACL Attached Successfully
Apr 2 03:59:51.459: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-51b5d538| EVENT DOWNLOAD-REQUEST
Apr 2 03:59:51.496: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-51b5d538| EVENT DOWNLOAD-SUCCESS
Apr 2 03:59:51.496: %EPM-6-IPEVENT: IP 0.0.0.0| MAC d867.d971.e31a| AuditSessionID 0A1C000100217CB10FFE96EA| AUTHTYPE DOT1X| EVENT IP-WAIT
Apr 2 03:59:51.721: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (d867.d971.e31a) on Interface Gi1/0/33 AuditSessionID 0A1C000100217CB10FFE96EA
show authentication int gig1/0/33
Interface MAC Address Method Domain Status Session ID
Gi1/0/33 d867.d971.e31a mab VOICE Authz Success 0A1C0001002183B61001F65A
The unit does not recieve an ip address, nor will it get its ACL applied.
I´ve set up a test VLAN on this switch and if i change the configuration to apply a certain vlan instead it works correctly, and as i said ip phones on works correctly.
Have anyone experienced anything similar with telepresence equipment and 802.1x
06-13-2013 06:30 AM
When using 802.1x, are you able to see MAC Address of the telepresence in arp table of the switch?
Paulo Souza
06-13-2013 11:23 PM
Hi!
Yes it does. Not at site right now but show mac address-table int gig1/0/33 shows correct mac address in the VOICE vlan.
Best regards
Christian
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide