Hello Herman,
Thanks for the response.
To answer your questions:
Your dhcp request has a completely different MAC (not starting with 14:). Are you sure that you see the correct DHCP address?
- This mac address is for the laptop connected behind the phone which is getting authenticated and profiled correctly. And yes, even the phone is getting correct DHCP from vlan 20 (voice)
When you set it to multi-auth and remove the tagged VLAN for voice, just run all devices untagged, it may work more reliable.
- I tried using multi-domain, but with voice vlan as tagged. As soon as I set the authentication mode to multi-domain, the port went into error-disabled mode. After clearing error-disable, it goes back in error-disabled mode after some time. Now as you suggested, I will remove the vlan tag and see what difference does it make.
For voice VLAN you will need to return the device-traffic-class=voice attribute pair.
- Since the profiling is not happening, I cannot return this enforcement profile based on category:VOIP Phone. Instead, I created an enforcement profile to send class=voice attribute pair if the "client-mac-vendor" Equals "Avaya Inc". In this way, the phone gets recognized and gets DHCP from voice vlan. Attached screenshot. (without this, even the DHCP is not working and phone is seen to be stuck in voice vlan searching for DHCP that never completes)
Would it be possible to contact your Aruba partner or TAC support, as I think interactive testing works better.
- I have set this up in a lab environment to simulate customer need. We have an implementation to be done soon. Except for this glitch, we are good to go.