Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here


802.1x Pass through

802.1x Pass through

802.1x Pass through

I am running 6.3 with a 9611G running 6.8102 connected to a cisco switch.
The issue I am having is when the user disconnects their laptop from the phone and tries to connect in a conference room they get an unidentified network error. The issue is the phone is not releasing the users mac address. in talking to Cisco they are telling me the phone needs to be set for 802.1x pass through.
I checked the 46xxsettings and verified the DOT1X is set to 1 which is pass through enable.

RE: 802.1x Pass through

You can turn the logging up in the phone and have it send via syslog. Get that and a packet capture, prove it and open a case with Avaya?

RE: 802.1x Pass through

I would be looking at the network port security system in use. Pass-through is just that, it is passing the traffic through, the phone is not capture the MAC address of the PC.
I would still do what Kyle555 recommends, but I am betting it will show it it a network issue not a phone issue.

RE: 802.1x Pass through

ISE or whatever your team uses for network access control (NAC) could be set up that since it saw the laptop's MAC over on one port it must be an attempt to spoof the laptop's MAC coming through on the conference room port. Therefore it shuts down network access for the one it thinks is the spoofer. This can be tied back through DHCP lease times not having expired also, so it's not necessarily a phone hanging on to a number.

I'd have your network security folks take a deeper look.

RE: 802.1x Pass through

Thanks, I have an active case with Avaya as well as Cisco. I have sent wireshark traces to Avaya and as of right now they do not see the phone "notifying" the network that the laptop has disconnected.
As a workaround I configured "authentication mac-move permit" on the switch which basically tells the switch that it is possible to see the mac move to another port, allow it on the new port and kill it on the old. Seems to have fixed about 80% of my problems. The issue I am still having is if the user moves to a room that is not directly on one of my main switches but on a neighboring switch they still get the unidentified network and the phone on the main switch is still acting as if the laptop is connected.

Good idea on the logging, I have not done this before on a phone. Dumb question probably but how do I do that?

RE: 802.1x Pass through

craft menu. if you got an avaya case open, you can enable ssh, logging levels and syslog on the phone via 46xx or from the craft menu
You can ssh in the phone if they give you the challenge response and just scp the log files off. Or get them on a syslog server or whatever. The pcap shows what the phone did. The phone logs show why.

RE: 802.1x Pass through

Thanks, You gave me a good direction to look.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close