Comware

We have set up radius based MACAUTH.

All is working well with around 100 clients so far using it for several VLANS.

We have now started to build our VoIP system using Asterisk + Polycom handsets; only to discover they lose their VLAN after a while (unsure yet how long, but it is repeatable).

The VoIP vlan is "200", if i pick up the handset and call an automated number, the interface shows up in "sh vl 200". after a while it vanishes. similarly with "sh port-access mac-based", it shows up as authorised, then vanishes. If i try calling it from another handset, it fails, unless (quite understandably) the interface is showing in the VL.

Is this likely a supplicant issue or a problem with my config?

regards

Garry

what switch platform(s), what version code?


hmm...after i think about this a bit more, i do remember seeing something like this with my asterisk phone and mac auth...but not with my mitel's doing EAP-MD5 "classic" 802.1X auth...i'll see if i have any other notes on this...

let's see your switch/code info...

cheers...jeff

Thanks for the reply

We are running on 8212/5406/3500 series gear on latest versions K13.63.

Everything in PC land is working well, as are the NEC voip phones on another VLAN.

The only other odd one was on HP jetdirect printer - same thing was happening.

a bit more info from sh log:

I 10/22/06 14:32:40 00076 ports: port C23 is now on-line
I 10/22/06 14:33:18 00077 ports: port C22 is now off-line
I 10/22/06 14:33:20 00435 ports: port C22 is Blocked by AAA
I 10/22/06 14:33:22 00435 ports: port C22 is Blocked by STP
I 10/22/06 14:33:25 00076 ports: port C22 is now on-line
I 10/22/06 14:33:45 00077 ports: port C22 is now off-line
I 10/22/06 14:33:47 00435 ports: port C22 is Blocked by AAA
I 10/22/06 14:33:48 00435 ports: port C22 is Blocked by STP
I 10/22/06 14:33:51 00076 ports: port C22 is now on-line
I 10/22/06 14:38:51 00435 ports: port C23 is Blocked by AAA
I 10/22/06 14:39:52 00435 ports: port C22 is Blocked by AAA

well, i don't really have any better info to provide...

i have a voip test lab with asteriskNOW (1.0.1 [and today 1.5.0]), 2 aastra 9133i and 1 mitel 9212, running on a 3500-24G switch...

last year and earlier this year i saw a similar problem with my aastra phones losing their vlan assignment using 802.1X MAC-auth...the mitel was 802.1X using EAP-MD5 and never dropped its vlan...and i tried it on 2 different 3500's with same results...

i did a presentation at HPTF last month with the switch, 1 aastra and the mitel phone, and i don't remember seeing the problems...but i did upgrade the switch code and the aastra code before that pres...

so for informational purposes only, my aastra's are now on v1.4.2.23 code and the 3500 is running K.14.09 (not the latest, but kinda new)...

i just brought the lab back up and its been running smoothly this afternoon...

sorry i couldn't be of more assistance...

cheers...jeff