Have a problem whereby we can't get a mab endpoint to get network access behind a Cisco 7940. If I reboot the phone, then both the phone and mabendpoint get network access. In the switch logs we can see where dot1x started fro both, no response so mab was started and mab authentication was successful for both on the switch. Both get network access.  If  the phone is already registered and on the network and the mab endpoint behind it is now rebooted, the switch log says  "starting 'dot1x' for client (5448.10bc.21f9)" but switch never says that it didn't get a dot1x response or that dot1x failed or that it is starting mab. Switch is a 3560V2 15.02SE10a code. Not sure why the switch is not reporting no further information about the mab endpoint after starting dot1x. Behind another type of Cisco Phone, a 7821, there is no problem. You can reboot the mab endpoint and it gets access. Swithport priority order is default i.e dot1x then mab. ... View more

Hi, Just as a side question, but what ip device tracking global command did you use? I have a network with Mitel 5320 phones and they are not responding to device tracking arps. I suspect they dont like source 0.0.0.0 but wanted to know if you have seen similar for this phone? ... View more

Our FMC keeps throwing in the same VPN status event "VPN tunnell between FWA/peerip/subnetX and FWB/peerip/subnetY is inactive due to to Deleted backup session" Firstly any idea what a backup session refers to? If its a VPN SA, well I've checked the Firewalls and the VPN SA for these subnets is ok on each side. Traffic is being encrypted/decrypted, SPIs match. I have no inactive SAs on the FTDs. So why does FMC keep reporting this? Secondly, since it'sthe same message every 2-3 mins including the subnets in question,  shouldn't the Health Events Value column count increment instead rather than generating a new message? ... View more