Re: 2610 - 802.1x issues with IP Phone, vlan & NPS (600 Views)
Reply
Advisor
Wayne Gillan
Posts: 29
Registered: ‎03-05-2007
Message 1 of 2 (792 Views)

2610 - 802.1x issues with IP Phone, vlan & NPS

Hi,
I'm experiencing some strange behaviour while trying to setup 802.1x auth on our 2610 switches. I have a static vlan for voip with tagged ports, a default vlan with untagged, and 2 other vlans that are assigned to ports with Windows NPS. So NPS can assign either vlan 1 (default and Compliant), 12 (noncompliant) or 13 (Guest). See config attached.

I can authenticate both IP phone and PC seperately with no problems. And I can authenticate both phone and PC on the one port (using phones PC port) if NPS assigns the default vlan to the PC. But if the vlan assigned by NPS for the PC is not the default vlan the phone drops out, but the PC is still connected.

I see these messages on the switch log
W 05/20/11 16:22:46 dca: 8021X client untagged VLAN-id arbitration error, MAC
001EF7C4183B port 18.

which is the MAC of the phone. The phones are set to operate only on voice vlan (7), and all ports are tagged vlan 7 so can't understand why it drops out? And with the message above, what VLAN is it trying to enable??
Occasional Visitor
pltavares
Posts: 1
Registered: ‎03-15-2012
Message 2 of 2 (600 Views)

Re: 2610 - 802.1x issues with IP Phone, vlan & NPS

Hi,

 

I'm experiencing the same issue but in my case the phone (cisco 7911) is connected (EAP-MD5) and PC won't.

 

did you manage to solve this issue?

 

Regards,

 

Pedro

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.