Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
577
Views
0
Helpful
1
Replies

Implementing 802.1x for IP Phones - issue with UCM timeout

sean Riley
Level 4
Level 4

‎10-06-2020 09:10 AM

We are working on implementing 802.1x with our 8851 ip phones.  We have installed the LSC cert and enabled 802.1x on a few phones for testing.  We are using Cisco ISE and the switch is configured for host mode multi domain.  Everything seemed to be working fine, until we noticed the phones were resetting about every 48 minutes.  Looking at the logs on the phone it seems it is being reset due to a timeout with CUCM.  Back out 802.1x and the issue goes away.

 

My Cisco ISE admin didn’t see anything on that side that he thinks is causing the timeout, and we do not see the phone reauthenticating on the port. 

 

I have opened a TAC case and collected traces and network captures from the phone and CUCM.  Keepalives look good up until that 48 minute mark and then we see TCP retransmits from the phone, and CUCM Unregister reason 6 which is connectivity error.  After some milliseconds TCP is reestablished and the phone re-registers.  They believe something in the network is causing the failure.  We have several hundred phones and do not see any issues except for our 802.1x enabled phones.

 

Any guidance on troubleshooting this issue further?

 

CUCM v 11.5(1) SU6

IP phones are on latest firmware 12.7.1 or 12.8.1

Phones and UCS connected to Cisco 6880/6800ia switching

UCS BE6k

 

Thanks.

0 Helpful
1 Reply 1

Nithin Eluvathingal
VIP
VIP

‎10-06-2020 09:30 PM

you can post this query in ISE community.



Response Signature


0 Helpful
Customers Also Viewed These Support Documents