Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Cisco 3560CX-12port Issue with Voice VLAN

  • 1.  Cisco 3560CX-12port Issue with Voice VLAN

    Posted Sep 19, 2019 12:05 PM

    I am having a problem with our phones. They don't work when plugged into a port controlled by ClearPass 6.8.2.XXXXXXX.

    1)  They are Avaya phones

    2)  They get their 802.1Q tag for VLAN 42 from the DHCP Server

    3)  They don't get a DHCP lease.  Nothing seems to be going over VLAN42 from the phone?

     

    I used the Solution Exchange to get my IBNS 2.0 configuration (Attached, Sanitized). I have attached a picture of my Enforcement Profile, the two policies, and the service. I have profiling set up, and on ports that are not controlled by ClearPass, phones are working perfectly! 802.1X is working perfectly on the ports as well and assigning the correct VLAN! 802.1X is working through the phone port too! On the ports that are controlled by ClearPass, whenever I send a VLAN for the phone, I get an error that I can't use the same VLAN that the Voice VLAN is set to? Also attached is my configuration showing what my 3 different ports on the switch look like. Port 11 works fine, I modified port 10 to not use the ACL, and port 9 uses the ACL. Both 9 and 10 are not working with my phone. (Should I send it a different VLAN?) I'm at a loss here. Attached are my 3 ports and template below:

     

    template ClearPass-Template
    dot1x pae authenticator
    spanning-tree portfast edge
    switchport access vlan 9
    switchport mode access
    switchport voice vlan 42
    mab
    access-session closed
    access-session port-control auto
    service-policy type control subscriber ClearPass-Policy
    !

    interface GigabitEthernet1/0/9
    ip access-group IPV4-PRE-AUTH-ACL in
    srr-queue bandwidth share 1 30 35 5
    mls qos trust cos
    auto qos trust
    source template ClearPass-Template
    spanning-tree portfast edge
    !
    interface GigabitEthernet1/0/10
    srr-queue bandwidth share 1 30 35 5
    mls qos trust cos
    auto qos trust
    source template ClearPass-Template
    spanning-tree portfast edge
    !
    interface GigabitEthernet1/0/11
    switchport access vlan 9
    switchport mode access
    switchport voice vlan 42
    srr-queue bandwidth share 1 30 35 5
    priority-queue out
    mls qos trust cos
    auto qos trust
    spanning-tree portfast edge
    !

     

     

    EnforcementProfile-UIU_Cisco_DACL.jpg
    EnforcementProfile-UIU_Vlan42_Voice_Cisco.jpg
    Service-UIU_MAC_Auth_Service.jpg
    EnforcementPolicies-UIU_Cisco_MAC_Auth.jpg

     



  • 2.  RE: Cisco 3560CX-12port Issue with Voice VLAN
    Best Answer

    EMPLOYEE
    Posted Sep 25, 2019 12:13 AM

    Send "device-traffic-class=voice" rather than VLAN for VOIP. Refer to pg 134 of https://community.arubanetworks.com/t5/Security/ClearPass-Solution-Guide-Wired-Policy-Enforcement/td-p/298161

     



  • 3.  RE: Cisco 3560CX-12port Issue with Voice VLAN

    Posted Sep 26, 2019 09:32 AM

    This fixed the issue!  Thank you!  Attached is a screenshot showing what it looks like.

    EnforcementProfile-UIU_Cisco_Voice.jpg
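
The change from the accepted answer, written as a check (an added example, not part of the thread and not ClearPass or Cisco code): it reads the voice VLAN from the port template and flags a RADIUS reply for a phone that returns that VLAN instead of the Cisco-AVPair value device-traffic-class=voice. The (attribute, value) reply format, the function names and both sample replies are assumptions constructed for illustration.

```python
import re

# Constructed sample: the relevant lines of the template from the first post.
TEMPLATE = """\
template ClearPass-Template
 switchport access vlan 9
 switchport mode access
 switchport voice vlan 42
 mab
"""

# Constructed replies as (attribute, value) pairs (an assumed representation).
REPLY_VLAN = [("Tunnel-Type", "VLAN"), ("Tunnel-Medium-Type", "IEEE-802"),
              ("Tunnel-Private-Group-Id", "42")]
REPLY_VOICE = [("Cisco-AVPair", "device-traffic-class=voice")]


def voice_vlan(config):
    """Return the numeric voice VLAN from an IOS port template, or None."""
    m = re.search(r"^\s*switchport voice vlan (\d+)\s*$", config, re.M)
    return int(m.group(1)) if m else None


def check_voice_reply(config, reply):
    """Lint a RADIUS reply intended for a phone; an empty list means no findings."""
    findings = []
    vvlan = voice_vlan(config)
    avpairs = [str(v).strip().lower() for a, v in reply
               if a.lower() == "cisco-avpair"]
    # The phone is placed in the voice domain by this AVPair, not by a VLAN ID.
    if "device-traffic-class=voice" not in avpairs:
        findings.append("missing Cisco-AVPair device-traffic-class=voice")
    # A returned VLAN equal to the port's voice VLAN is the case from the thread.
    for attr, value in reply:
        if (attr.lower() == "tunnel-private-group-id" and vvlan is not None
                and str(value).strip() == str(vvlan)):
            findings.append(
                f"Tunnel-Private-Group-Id {value} duplicates the port's voice VLAN")
    return findings


if __name__ == "__main__":
    for name, reply in (("VLAN reply", REPLY_VLAN), ("voice reply", REPLY_VOICE)):
        print(name, "->", check_voice_reply(TEMPLATE, reply) or "ok")
```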