Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1552
Views
0
Helpful
2
Replies

Telepresence and Voice VLAN assignment

Christian Juel-Jensen
Level 4
Level 4

‎06-13-2013 06:02 AM - edited ‎03-18-2019 01:17 AM

We are using Cisco ISE and 802.1x for authentication. We have an authorization profile that assigns device-traffic-class=voice to IP phones and puts the units on the VOICE vlan.

I am trying to move the Telepresence units (in this case SX20) to this VOICE vlan by assigning it to the same profiles. As far as i can see this works fine.

Apr  2 03:59:45.246: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/33, changed state to down

Apr  2 03:59:47.553: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/33, changed state to up

Apr  2 03:59:48.041: %AUTHMGR-5-START: Starting 'mab' for client (d867.d971.e31a) on Interface Gi1/0/33 AuditSessionID 0A1C000100217CB10FFE96EA

Apr  2 03:59:48.554: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/33, changed state to up

Apr  2 03:59:48.575: %SWITCH_QOS_TB-5-TRUST_DEVICE_DETECTED: cisco-phone detected on port Gi1/0/33, port's configured trust state is now operational.

Apr  2 03:59:51.275: %MAB-5-SUCCESS: Authentication successful for client (d867.d971.e31a) on Interface Gi1/0/33 AuditSessionID 0A1C000100217CB10FFE96EA

Apr  2 03:59:51.454: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (d867.d971.e31a) on Interface Gi1/0/33 AuditSessionID 0A1C000100217CB10FFE96EA

Apr  2 03:59:51.459: %EPM-6-POLICY_REQ: IP 0.0.0.0| MAC d867.d971.e31a| AuditSessionID 0A1C000100217CB10FFE96EA| AUTHTYPE DOT1X| EVENT APPLY

Apr  2 03:59:51.459: %EPM-6-AUTH_ACL: POLICY Auth-Default-ACL| EVENT Auth-Default-ACL Attached Successfully

Apr  2 03:59:51.459: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-51b5d538| EVENT DOWNLOAD-REQUEST

Apr  2 03:59:51.496: %EPM-6-AAA: POLICY xACSACLx-IP-PERMIT_ALL_TRAFFIC-51b5d538| EVENT DOWNLOAD-SUCCESS

Apr  2 03:59:51.496: %EPM-6-IPEVENT: IP 0.0.0.0| MAC d867.d971.e31a| AuditSessionID 0A1C000100217CB10FFE96EA| AUTHTYPE DOT1X| EVENT IP-WAIT

Apr  2 03:59:51.721: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (d867.d971.e31a) on Interface Gi1/0/33 AuditSessionID 0A1C000100217CB10FFE96EA

show authentication int gig1/0/33

Interface  MAC Address     Method   Domain   Status         Session ID

  Gi1/0/33   d867.d971.e31a  mab      VOICE    Authz Success  0A1C0001002183B61001F65A

The unit does not recieve an ip address, nor will it get its ACL applied.

I´ve set up a test VLAN on this switch and if i change the configuration to apply a certain vlan instead it works correctly, and as i said ip phones on works correctly.

Have anyone experienced anything similar with telepresence equipment and 802.1x

Labels:
0 Helpful
2 Replies 2

Paulo Souza
VIP Alumni
VIP Alumni

‎06-13-2013 06:30 AM

When using 802.1x, are you able to see MAC Address of the telepresence in arp table of the switch?

Paulo Souza

Paulo Souza Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".
0 Helpful

Christian Juel-Jensen
Level 4
Level 4
In response to Paulo Souza

‎06-13-2013 11:23 PM

Hi!

Yes it does. Not at site right now but show mac address-table int gig1/0/33 shows correct mac address in the VOICE vlan.

Best regards

Christian

0 Helpful
Customers Also Viewed These Support Documents