Preview Tool

Cisco Bug: CSCut25671 - 802.1x ENH untagged voice packets should not be allowed within data vlan

Last Modified

Feb 26, 2018

Products (1)

  • Cisco IOS

Known Affected Releases


Description (partial)


This is a design problem related to 802.1x with switches. A switchport can be configured with MAB or 802.1x. We need to have voice VLAN.
Once voice device authenticates it might not know yet the voice VLAN but  it can learn the voice VLAN via cdp, lddp or dhcp. That can take
time (for cdp by default switch sends packets every 60s) and because of that the phone can send untagged frames. It will happen always 
when phone is not supporting cdp or lldp and using dhcp for voice VLAN discovery. As a result IOS needs to accept untagged frames
(data vlan) from voice device (which is already marked in voice domain because of device-traffic-class = voice returned in Access-Accept).
IOS will accept untagged frames from voice device till it receives first tagged frame and then it will not accept untagged frames from that device
any longer.


Normal Operations.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.