Cisco Bug: CSCut25671 - 802.1x ENH untagged voice packets should not be allowed within data vlan
Feb 26, 2018
- Cisco IOS
Known Affected Releases
Symptoms: This is a design problem related to 802.1x on switches. A switchport can be configured with MAB or 802.1x, and a voice VLAN is needed. Once a voice device authenticates, it might not yet know the voice VLAN, but it can learn it via CDP, LLDP or DHCP. That can take time (for CDP, the switch sends packets every 60s by default), and because of that the phone can send untagged frames. This always happens when the phone does not support CDP or LLDP and uses DHCP for voice VLAN discovery. As a result, IOS needs to accept untagged frames (data VLAN) from the voice device (which is already marked as being in the voice domain because device-traffic-class = voice was returned in the Access-Accept). IOS accepts untagged frames from the voice device until it receives the first tagged frame; after that it no longer accepts untagged frames from that device.
Conditions: Normal Operations.
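The acceptance rule described in the symptoms, as an added Python model for auditing a packet capture (not Cisco code and not part of the bug record): it replays frames per source MAC and reports how many untagged frames a voice-domain device placed in the data VLAN and whether that device ever sent a tagged frame. The `Frame` record, the function name, the MAC addresses and VLAN 110 are constructed for this example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Frame:
    ts: float            # seconds since capture start
    src_mac: str
    vlan: Optional[int]  # 802.1Q VLAN ID, None when the frame is untagged

def untagged_exposure(frames, voice_macs):
    """Replay frames through the rule in the bug text: a voice-domain MAC may
    send untagged frames until its first tagged frame, after which untagged
    frames from it are no longer accepted. Returns a per-MAC summary."""
    report = {}
    for f in sorted(frames, key=lambda f: f.ts):
        if f.src_mac not in voice_macs:
            continue  # only devices authorized in the voice domain matter here
        r = report.setdefault(f.src_mac, {
            "accepted_untagged": 0, "rejected_untagged": 0,
            "first_tagged_ts": None, "window_open": True})
        if f.vlan is not None:
            if r["first_tagged_ts"] is None:
                r["first_tagged_ts"] = f.ts
                r["window_open"] = False  # first tagged frame closes the window
        elif r["window_open"]:
            r["accepted_untagged"] += 1   # frame lands in the data VLAN
        else:
            r["rejected_untagged"] += 1
    return report

# Constructed sample: device ...01 tags after about 2 s; device ...02 never tags.
SAMPLE = [
    Frame(0.0, "00:00:5e:00:53:01", None),
    Frame(1.1, "00:00:5e:00:53:01", None),
    Frame(2.3, "00:00:5e:00:53:01", 110),
    Frame(2.9, "00:00:5e:00:53:01", None),
    Frame(0.5, "00:00:5e:00:53:02", None),
    Frame(30.0, "00:00:5e:00:53:02", None),
    Frame(61.0, "00:00:5e:00:53:02", None),
    Frame(1.0, "00:00:5e:00:53:99", None),  # data-domain host, ignored
]
VOICE = {"00:00:5e:00:53:01", "00:00:5e:00:53:02"}

if __name__ == "__main__":
    for mac, r in untagged_exposure(SAMPLE, VOICE).items():
        print(mac, r)
```

A device whose `window_open` is still true at the end of the capture has never sent a tagged frame, so under the described rule its untagged traffic is still being accepted in the data VLAN.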