Can you share the configuration of the switch ports? How many MAC addresses have you allowed on the port (you should allow 3)? Is it possible that it's a firmware issue?

I believe the normal flow should be:
- Authorizing the phone, on the reg or data vlan
- LLDP-MED negotiation
- Authorizing the phone on the voice vlan.

The only setup I have seen with Avaya using VoIP is with Nortel phones, not Cisco. Did you try using NoEAP instead (aka Mac Authentication)? I think you can return a VSA to the switch with a user-based policy to tell the switch the device is a voice device (Avaya Attribute 111 string: UROLvoice).

See: http://support.avaya.com/css/P8/documents/100099486

On 12-01-18 3:18 PM, Kevin Manuel wrote:
> The phones are Cisco phones. The switches are Avaya 5500 series so CDP does
> not work. LLDP-Med from the switch is used to configure the phones (tell it
> voice vlan, QOS stuff, etc).
>
> A couple of the phones have the following fingerprint: 1,3,15,6,12,35,66,150
>
> A couple of the phones do not show a fingerprint
> One phone shows as auto-registered and its fingerprint is
> 1,3,6,15,42,66,150 which was resolved to Cisco IP Phone 0c:85:25:3f:d6:ee
>
> Here are some examples of what is seen in the switch forwarding table:
>
> Vlan mac addr port
>
> 1128 d4:d7:48:41:c6:cd 1/11
> 1128 00:16:41:e6:23:87 1/11
> 2038 d4:d7:48:41:c6:cd 1/11
>
> 2038 70:81:05:0c:3d:26 1/31
> 38 70:81:05:0c:3d:26 1/31
>
> 2038 00:07:7d:df:c9:a4 1/39
> 38 00:07:7d:df:c9:a4 1/39
>
> Where
> - vlan 1128 = registration vlan
> - vlan 2038 = voice vlan
> - vlan 38 = (registered) data vlan
> - d4:d7:48:41:c6:cd, 70:81:05:0c:3d:26, 00:07:7d:df:c9:a4 are phones that
> are showing up in both the voice and data vlans
> - 00:16:41:e6:23:87 is a registered computer that shows up in the
> registration vlan
>
>
> Associated packetfence.log logs show the following for port 11 (the one
> with the computer connected):
>
> Jan 18 15:52:30 pfsetvlan(15) INFO: nb of items in queue: 1; nb of threads
> running: 0 (main::startTrapHandlers)
> Jan 18 15:52:30 pfsetvlan(15) INFO: secureMacAddrViolation trap received on
> 10.10.38.1 ifIndex 11 for d4:d7:48:41:c6:cd (main::handleTrap)
> Jan 18 15:52:30 pfsetvlan(15) INFO: d4:d7:48:41:c6:cd is a secure MAC
> address at 10.10.38.1 ifIndex 27 VLAN 38. De-authorizing (new entry
> 02:00:00:00:00:27) (main::do_port_security)
> Jan 18 15:52:31 pfsetvlan(15) INFO: MAC: d4:d7:48:41:c6:cd is unregistered;
> belongs into registration VLAN (pf::vlan::vlan_determine_for_node)
> Jan 18 15:52:31 pfsetvlan(15) INFO: authorizing d4:d7:48:41:c6:cd at new
> location 10.10.38.1 ifIndex 11 (main::handleTrap)
> Jan 18 15:52:31 pfsetvlan(15) INFO: finished (main::cleanupAfterThread)
> Jan 18 15:52:36 pfsetvlan(10) INFO: nb of items in queue: 1; nb of threads
> running: 0 (main::startTrapHandlers)
> Jan 18 15:52:36 pfsetvlan(10) INFO: secureMacAddrViolation trap received on
> 10.10.38.1 ifIndex 11 for 00:16:41:e6:23:87 (main::handleTrap)
> Jan 18 15:52:36 pfsetvlan(10) INFO: de-authorizing 00:16:41:e6:23:87 (new
> entry 02:00:00:00:00:07) at old location 10.10.38.1 ifIndex 7
> (main::do_port_security)
> Jan 18 15:52:36 pfsetvlan(10) INFO: authorizing 00:16:41:e6:23:87 (old entry
> d4:d7:48:41:c6:cd) at new location 10.10.38.1 ifIndex 11 (main::handleTrap)
> Jan 18 15:52:36 pfsetvlan(10) INFO: MAC: 00:16:41:e6:23:87, PID: pier,
> Status: reg, VLAN: 38 (pf::vlan::vlan_determine_for_node)
> Jan 18 15:52:36 pfsetvlan(10) INFO: finished (main::cleanupAfterThread)
> Jan 18 15:52:40 pfsetvlan(18) INFO: nb of items in queue: 1; nb of threads
> running: 0 (main::startTrapHandlers)
> Jan 18 15:52:40 pfsetvlan(18) INFO: secureMacAddrViolation trap received on
> 10.10.38.1 ifIndex 11 for d4:d7:48:41:c6:cd (main::handleTrap)
> Jan 18 15:52:40 pfsetvlan(18) INFO: authorizing d4:d7:48:41:c6:cd (old entry
> 00:16:41:e6:23:87) at new location 10.10.38.1 ifIndex 11 (main::handleTrap)
> Jan 18 15:52:40 pfsetvlan(18) INFO: MAC: d4:d7:48:41:c6:cd is unregistered;
> belongs into registration VLAN (pf::vlan::vlan_determine_for_node)
> Jan 18 15:52:40 pfsetvlan(18) INFO: finished (main::cleanupAfterThread)
> Jan 18 15:52:46 pfsetvlan(11) INFO: nb of items in queue: 1; nb of threads
> running: 0 (main::startTrapHandlers)
> Jan 18 15:52:46 pfsetvlan(11) INFO: secureMacAddrViolation trap received on
> 10.10.38.1 ifIndex 11 for 00:16:41:e6:23:87 (main::handleTrap)
> Jan 18 15:52:46 pfsetvlan(11) INFO: authorizing 00:16:41:e6:23:87 (old entry
> d4:d7:48:41:c6:cd) at new location 10.10.38.1 ifIndex 11 (main::handleTrap)
> Jan 18 15:52:46 pfsetvlan(11) INFO: MAC: 00:16:41:e6:23:87, PID: pier,
> Status: reg, VLAN: 38 (pf::vlan::vlan_determine_for_node)
> Jan 18 15:52:46 pfsetvlan(11) INFO: finished (main::cleanupAfterThread)
> Jan 18 15:52:51 pfsetvlan(20) INFO: nb of items in queue: 1; nb of threads
> running: 0 (main::startTrapHandlers)
> Jan 18 15:52:51 pfsetvlan(20) INFO: secureMacAddrViolation trap received on
> 10.10.38.1 ifIndex 11 for d4:d7:48:41:c6:cd (main::handleTrap)
> Jan 18 15:52:51 pfsetvlan(20) INFO: authorizing d4:d7:48:41:c6:cd (old entry
> 00:16:41:e6:23:87) at new location 10.10.38.1 ifIndex 11 (main::handleTrap)
> Jan 18 15:52:51 pfsetvlan(20) INFO: MAC: d4:d7:48:41:c6:cd is unregistered;
> belongs into registration VLAN (pf::vlan::vlan_determine_for_node)
> Jan 18 15:52:52 pfsetvlan(20) INFO: finished (main::cleanupAfterThread)
> Jan 18 15:53:02 pfsetvlan(7) INFO: nb of items in queue: 1; nb of threads
> running: 0 (main::startTrapHandlers)
> Jan 18 15:53:02 pfsetvlan(7) INFO: secureMacAddrViolation trap received on
> 10.10.38.1 ifIndex 11 for 00:16:41:e6:23:87 (main::handleTrap)
> Jan 18 15:53:02 pfsetvlan(7) INFO: authorizing 00:16:41:e6:23:87 (old entry
> d4:d7:48:41:c6:cd) at new location 10.10.38.1 ifIndex 11 (main::handleTrap)
> Jan 18 15:53:02 pfsetvlan(7) INFO: MAC: 00:16:41:e6:23:87, PID: pier,
> Status: reg, VLAN: 38 (pf::vlan::vlan_determine_for_node)
> Jan 18 15:53:03 pfsetvlan(7) INFO: finished (main::cleanupAfterThread)
> Jan 18 15:53:41 pfsetvlan(13) INFO: nb of items in queue: 1; nb of threads
> running: 0 (main::startTrapHandlers)
> Jan 18 15:53:41 pfsetvlan(13) INFO: secureMacAddrViolation trap received on
> 10.10.38.1 ifIndex 11 for d4:d7:48:41:c6:cd (main::handleTrap)
> Jan 18 15:53:41 pfsetvlan(13) INFO: authorizing d4:d7:48:41:c6:cd (old entry
> 00:16:41:e6:23:87) at new location 10.10.38.1 ifIndex 11 (main::handleTrap)
> Jan 18 15:53:41 pfsetvlan(13) INFO: MAC: d4:d7:48:41:c6:cd is unregistered;
> belongs into registration VLAN (pf::vlan::vlan_determine_for_node)
> Jan 18 15:53:41 pfsetvlan(13) INFO: finished (main::cleanupAfterThread)
> Jan 18 15:53:49 pfsetvlan(14) INFO: nb of items in queue: 1; nb of threads
> running: 0 (main::startTrapHandlers)
> Jan 18 15:53:49 pfsetvlan(14) INFO: secureMacAddrViolation trap received on
> 10.10.38.1 ifIndex 11 for 00:16:41:e6:23:87 (main::handleTrap)
> Jan 18 15:53:49 pfsetvlan(14) INFO: authorizing 00:16:41:e6:23:87 (old entry
> d4:d7:48:41:c6:cd) at new location 10.10.38.1 ifIndex 11 (main::handleTrap)
> Jan 18 15:53:49 pfsetvlan(14) INFO: MAC: 00:16:41:e6:23:87, PID: pier,
> Status: reg, VLAN: 38 (pf::vlan::vlan_determine_for_node)
> Jan 18 15:53:49 pfsetvlan(14) INFO: finished (main::cleanupAfterThread)
> Jan 18 15:54:41 pfsetvlan(5) INFO: nb of items in queue: 1; nb of threads
> running: 0 (main::startTrapHandlers)
> Jan 18 15:54:41 pfsetvlan(5) INFO: secureMacAddrViolation trap received on
> 10.10.38.1 ifIndex 11 for d4:d7:48:41:c6:cd (main::handleTrap)
> Jan 18 15:54:41 pfsetvlan(5) INFO: authorizing d4:d7:48:41:c6:cd (old entry
> 00:16:41:e6:23:87) at new location 10.10.38.1 ifIndex 11 (main::handleTrap)
> Jan 18 15:54:41 pfsetvlan(5) INFO: MAC: d4:d7:48:41:c6:cd is unregistered;
> belongs into registration VLAN (pf::vlan::vlan_determine_for_node)
> Jan 18 15:54:41 pfsetvlan(5) INFO: finished (main::cleanupAfterThread)
>
>
>
> The end result is that only d4:d7:48:41:c6:cd is authorized by mac security
> to talk on that port, probably because the computer ends up giving up.
>
> Any thoughts?
>
>
>
> -----Original Message-----
> From: Francois Gaudreault [mailto:[email protected]]
> Sent: January-18-12 10:25 AM
> To: [email protected]
> Subject: Re: [Packetfence-users] VOIP Phone with packetfence
>
> Hi Kevin,
>
> Let's start with a bunch of questions:
> What hardware do you have (Cisco, HP,...)? Do the Phone and hardware
> support CDP or LLDP? When you go to the node table, do you have the phone
> DHCP fingerprint?
>
> On 12-01-17 4:07 PM, Kevin Manuel wrote:
>> Hi,
>>
>> We are having difficulties getting packetfence to recognize a VOIP
>> phone as a phone. And if we connect a computer to the phone it creates
>> several issues with packetfence because the phone mac address is
>> showing up on the data vlan along with the computer for some reason
>> (in addition the phone mac address showing up on the voice vlan). The
>> phone works - the computer does not.
>>
>> I realize I didn't include much for details, but does anybody have any
>> advice based on the info above?
>>
>> Thanks in advance,
>>
>> Kevin
>>
>> _______________________________________________
>> Packetfence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>
> --
> Francois Gaudreault, ing. jr
> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>

--
Francois Gaudreault, ing. jr
[email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
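
Added example, not part of the original thread and not PacketFence code: a Python parser for the pfsetvlan lines quoted above that flags ports where two MAC addresses keep replacing each other in the port-security entry, as on ifIndex 11. The function name, the threshold and the ifIndex 12 sample line are assumptions; the other sample lines come from the quoted log with wrapped lines re-joined.

```python
import re
from collections import defaultdict

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# pfsetvlan line logged when one secure MAC entry replaces another on a port.
SWAP_RE = re.compile(
    rf"authorizing (?P<new>{MAC}) \(old entry (?P<old>{MAC})\) "
    r"at new location (?P<switch>\S+) ifIndex (?P<ifindex>\d+)",
    re.IGNORECASE,
)

def find_flapping_ports(lines, min_reversals=2):  # hypothetical helper name
    """Map (switch, ifIndex) -> (reversal count, MACs involved) for ports where
    a swap directly undoes the previous swap at least min_reversals times."""
    last_swap = {}
    reversals = defaultdict(int)
    macs = defaultdict(set)
    for line in lines:
        m = SWAP_RE.search(line)
        if not m:
            continue  # trap, VLAN-decision and housekeeping lines
        port = (m["switch"], int(m["ifindex"]))
        old, new = m["old"].lower(), m["new"].lower()
        if last_swap.get(port) == (new, old):
            reversals[port] += 1  # B replaced A right after A replaced B
            macs[port].update((old, new))
        last_swap[port] = (old, new)
    return {p: (n, sorted(macs[p])) for p, n in reversals.items()
            if n >= min_reversals}

# First five lines: from the log quoted in the thread (wrapped lines re-joined).
# Last line: constructed for this example, a single swap on another port.
SAMPLE = [
    "Jan 18 15:52:36 pfsetvlan(10) INFO: secureMacAddrViolation trap received on 10.10.38.1 ifIndex 11 for 00:16:41:e6:23:87 (main::handleTrap)",
    "Jan 18 15:52:36 pfsetvlan(10) INFO: authorizing 00:16:41:e6:23:87 (old entry d4:d7:48:41:c6:cd) at new location 10.10.38.1 ifIndex 11 (main::handleTrap)",
    "Jan 18 15:52:40 pfsetvlan(18) INFO: authorizing d4:d7:48:41:c6:cd (old entry 00:16:41:e6:23:87) at new location 10.10.38.1 ifIndex 11 (main::handleTrap)",
    "Jan 18 15:52:46 pfsetvlan(11) INFO: authorizing 00:16:41:e6:23:87 (old entry d4:d7:48:41:c6:cd) at new location 10.10.38.1 ifIndex 11 (main::handleTrap)",
    "Jan 18 15:52:51 pfsetvlan(20) INFO: authorizing d4:d7:48:41:c6:cd (old entry 00:16:41:e6:23:87) at new location 10.10.38.1 ifIndex 11 (main::handleTrap)",
    "Jan 18 15:55:00 pfsetvlan(3) INFO: authorizing 02:00:00:00:aa:01 (old entry 02:00:00:00:aa:02) at new location 10.10.38.1 ifIndex 12 (main::handleTrap)",
]

if __name__ == "__main__":
    for (switch, ifindex), (count, found) in find_flapping_ports(SAMPLE).items():
        print(f"{switch} ifIndex {ifindex}: {count} reversals between {', '.join(found)}")
```

A port reported here is one where the phone and the attached computer are competing for the same secure MAC entry, which is the symptom the reply's question about the number of MAC addresses allowed on the port is aimed at.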
