Cisco Bug: CSCsz12381 - Open Mode with DHCP snooping for Voice Domain Issue

Last Modified

Feb 01, 2017

Products (1)

  • Cisco Catalyst 3560 Series Switches

Known Affected Releases

12.2 12.2(50)SE 12.2(50)SE1

Description (partial)

When an IP phone is connected to a switchport configured for Open Mode dot1x + MAB, DHCP traffic on the Voice VLAN is not allowed into the network until dot1x times out and the port is authorized by MAB. Traffic on the Voice VLAN is simply not forwarded until successful authorization.

Because this is Open Mode authentication, the IP phone's traffic should be allowed through the switchport before authentication.

The test is repeated with an IP phone and a PC behind it connected together into one switch port: the PC does DHCP straight away, while the IP phone does not until dot1x times out and MAB authenticates it later. Spanning tree seems to converge and the port goes into the Forwarding state; however, traffic does not get through on the Voice VLAN before authorization.

The problem is only seen when the port is configured for Open Mode authentication and DHCP snooping is enabled globally.
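
To find ports that meet the conditions described above, the following added example (not part of the Cisco bug record) scans a running-config for interfaces that combine Open Mode, MAB and a voice VLAN while DHCP snooping is enabled globally. The command strings are standard IOS syntax assumed here rather than quoted from the bug, and the sample configuration and function names are constructed for illustration.

```python
import re

# Constructed sample running-config for illustration; not from the bug report.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10,110
!
interface FastEthernet0/1
 switchport voice vlan 110
 authentication open
 authentication port-control auto
 mab
!
interface FastEthernet0/2
 switchport voice vlan 110
 authentication port-control auto
 mab
!
interface FastEthernet0/3
 authentication open
 mab
!
"""

def parse_config(text):
    """Return (global_lines, {interface_name: [sub-commands]})."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace():  # indented: belongs to the currently open block
            if current is not None:
                current.append(line)
            continue
        match = re.match(r"interface\s+(\S+)", line)
        current = interfaces.setdefault(match.group(1), []) if match else None
        if match is None:
            global_lines.append(line)
    return global_lines, interfaces

def ports_matching_bug_conditions(text):
    """List ports with Open Mode + MAB + a voice VLAN while snooping is global."""
    global_lines, interfaces = parse_config(text)
    if "ip dhcp snooping" not in global_lines:  # exact global enable only
        return []
    return [name for name, cmds in interfaces.items()
            if "authentication open" in cmds and "mab" in cmds
            and any(re.fullmatch(r"switchport voice vlan \d+", c) for c in cmds)]
```

On the constructed sample only FastEthernet0/1 is reported: FastEthernet0/2 is not in Open Mode and FastEthernet0/3 has no voice VLAN.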