Cisco Bug: CSCsz12381 - Open Mode with DHCP snooping for Voice Domain Issue
Feb 01, 2017
- Cisco Catalyst 3560 Series Switches
Known Affected Releases
12.2 12.2(50)SE 12.2(50)SE1
Symptom: When an IP phone is connected to the switchport configured for Open Mode dot1x + MAB, DHCP traffic is not allowed into the network on the Voice VLAN before dot1x times out and port is authorized by MAB. Traffic on the Voice VLAN is simply not forwarded until successful authorization. As its an Open Mode authentication, the IP phone traffic should be allowed into the switchport before authentication. The test is repeated by connecting the IP phone and a PC connected behind the IP phone together into a switch port and the PC does DHCP straight away while the IP phone doesnt until dot1x times out and MAB is authenticated later. Spanning tree seems to converge and the port goes into the Forwarding state, however traffic does not get through in the Voice VLAN before authorization. Conditions: The problem is only seen when the port is configured for Open Mode authentication and DHCP snooping is enabled globally.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases