Cisco ip phones authenticate 802.1x with cisco ise 1.3
Dear all,
I want to configure cisco ise 1.3 with 802.1x , to authenticate cisco ip phones ( CUCM 10.5.2 ) with LSC certificate.
How I have to configure cisco ise authentication rules for 802.1x with cisco ip phones? Are there any configuration examples ?
Thanks
following are ISE 802.1x sample authentication rules..you can change the protocol (Policy -> policy elements - > results -> authentication and you can select the proctocal)
Similar Messages
-
Cisco ip phones authenticate 802.1x with cisco ise
Dears,
I want to configure ip phones authenticate from Cisco ISE with 802.1X with certificates. But i can not find any configuration guide about this solutions.
I find one config and this is about ACS. Please provide me any documentation guide on cisco ise.
Thanks.802.1x configuration for IP Phones
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/IP_Tele/IP_Telephony_DIG.html#69217 -
Cisco ip phone 9971 registration failed with CME 8.6 on WAN
Dear Sir
Subject: Cisco ip
phone 9971 registration failed
with CME 8.6 on WAN
I have a WAN simulation with one Cisco2811 router one Cisco1841 router (connected with fast Ethernet interface) plus one layer 2 switch.
I upgraded the 2811 IOS to 15.4M and installed CME8.6, when we tried to add 9971 sip phone If the traffic goes throw LAN (Same subnet- directly from switch to 2811) everything is fine and the SIP phone (9971) added with no problem but when I change the subnet and traffic goes throw WAN
( from 1841 routed to 2811 with default route) my phone didn't register.
It will be great if anybody could help!!
If you can solve my problem, I will be happy to compensate.Try binding SIP to an interface on which Phone can reach (Use "voice service voip" "sip" and then bind)
Udit -
3560G and 802.1X with Cisco IP Phone
Hi,
We have been doing some test on our 3560G switch with 802.1X. The switch port has a Cisco IP Phone 7940 connected and at the back of the IP Phone is the PC (802.1X client).
The PC authenticates with the computer name or the username properly without any problems. However problem is that the port stays opened/authorized even after disconnecting the Laptop from the phone. Only disconnecting the phone from the switch disables the port and enforces authentication.
This totally defeats the purpose for us.
IOS: 12.2(20)SE3
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
interface GigabitEthernet0/40
switchport access vlan 4
switchport mode access
switchport voice vlan 15
dot1x port-control auto
dot1x timeout quiet-period 15
dot1x timeout reauth-period 30
dot1x max-req 1
dot1x reauthentication
spanning-tree portfast
spanning-tree link-type point-to-point
Any ideas will be appreciated.
Thanks,
Cheers
KartikI believe the problem should be solved with the new phone firmware:
Ref Cisco Document:
http://www.cisco.com/en/US/products/hw/phones/ps379/prod_release_note09186a0080461f84.html
"Firmware release 7.2(2) provides support for the Cisco IP Phone models 7960G and 7940G to monitor IEEE 802.1X messages between an authenticating switch and a connected PC (supplicant).
When a PC is disconnected from the Cisco IP Phone, the phone issues an EAPOL-Logoff message on behalf of the PC to the authenticating switch.
Hope This Helps
Jarle Steffensen -
Cisco 877 router - Cisco IP phone won't register with SIP provider
Hi all,
I'm having a problem with a Cisco SPA504G phone not registering with the SIP carrier over the Internet. We've recently rolled out a Cisco 877 router onto a new NBN business connection and can't get the pre-configured IP phone to register.
When we tested the phone with the NBN-provided Netgear router, it worked fine, as it did with the previous Cisco 1841 router we were using on a different link.
The way it's setup is using VLANs to define the internal subnets, which are then assigned to the physical interfaces (since the 887 doesn't allow IP assignments to the interfaces directly).
VLAN 100 is the internal network and has a SBS2011 server – assigned to F0 – IP range is 192.168.1.0
VLAN 200 is the guest network and has Internet access only – assigned to F1 – IP range is 10.1.1.0
VLAN 500 is the WAN network and connects to the NBN upstream box – assigned to F3 – external IP address assigned by DHCP
I've been playing around with access lists, nat rules, basically everything in my limited Cisco knowledge to try and figure this out, but to no avail. I have even configured what I believe is unrestricted access to IP, UDP and TCP outbound and inbound to all VLANs and still can't get it to register.
Tried isolating the issue by creating a new VLAN and assigning it to the spare interface and basically allowing everything in and out, but still no luck.
The problem has to be something on the router – probably some small line of config I haven’t removed or added.
I am going to pull my hair out soon, so would really appreciate some assistance from the Cisco gurus out there.
My client has just purchased about 10 of these handsets from their provider so I need to fix this ASAP. The guy who provided them wasn't very helpful, and basically said I'm on my own once we tested using the NBN-provided Netgear router.
Happy to post my config as well.
Please help!!!!Current configuration : 4912 bytes
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router1
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
no ip source-route
ip dhcp excluded-address 10.1.1.1
ip dhcp pool GUEST
network 10.1.1.0 255.255.255.0
dns-server 10.1.1.1 203.50.2.71 139.130.4.4
default-router 10.1.1.1
ip cef
no ip domain lookup
ip domain name network.local
ip name-server 192.168.1.123
ip name-server 203.23.53.12
ip name-server 197.12.32.86
ip name-server 8.8.8.8
no ipv6 cef
license udi pid CISCO887VA-K9 sn FGL171220XY
username admin privilege 15 secret 5 $1$aNsm$N1BCQYkoi8gnURyvloYEX/
controller VDSL 0
interface Ethernet0
no ip address
shutdown
interface ATM0
no ip address
no atm ilmi-keepalive
bridge-group 10
pvc 8/35
interface FastEthernet0
description NAC - Internal network
switchport access vlan 100
no ip address
interface FastEthernet1
description NAC - Guest network
switchport access vlan 200
no ip address
interface FastEthernet2
no ip address
shutdown
interface FastEthernet3
description **** WAN Port ****
switchport access vlan 500
no ip address
interface Vlan1
no ip address
bridge-group 10
hold-queue 100 out
interface Vlan100
description NAC - Internal Vlan
ip address 192.168.1.1 255.255.255.0
ip access-group IN-100 in
ip access-group OUT-100 out
ip nat inside
ip virtual-reassembly in
interface Vlan200
description NAC - Guest Vlan
ip address 10.1.1.1 255.255.255.0
ip access-group IN-200 in
ip access-group OUT-200 out
ip nat inside
ip virtual-reassembly in
interface Vlan500
description **** WAN Vlan ****
ip address dhcp
ip nat outside
no ip virtual-reassembly in
no ip forward-protocol nd
ip http server
ip http access-class 23
ip http secure-server
ip dns server
ip nat inside source list NAT-100 interface Vlan500 overload
ip nat inside source list NAT-200 interface Vlan500 overload
ip nat inside source static tcp 192.168.1.123 25 interface Vlan500 25
ip nat inside source static tcp 192.168.1.123 443 interface Vlan500 443
ip nat inside source static tcp 192.168.1.123 3389 interface Vlan500 3399
ip nat inside source static tcp 192.168.1.123 80 interface Vlan500 80
ip nat inside source static tcp 192.168.1.123 4125 interface Vlan500 4125
ip nat inside source static tcp 192.168.1.124 3389 interface Vlan500 3390
ip nat inside source static tcp 192.168.1.123 987 interface Vlan500 987
ip nat inside source static tcp 192.168.1.123 1723 interface Vlan500 1723
ip route 0.0.0.0 0.0.0.0 55.234.52.43
ip access-list extended IN-100
permit udp any any range bootps bootpc
deny ip 10.1.1.0 0.0.0.255 any
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended IN-200
permit udp any any range bootps bootpc
permit ip 10.1.1.0 0.0.0.255 any
ip access-list extended NAT-100
deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended NAT-200
deny ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
permit ip 10.1.1.0 0.0.0.255 any
ip access-list extended OUT-100
permit udp any range bootps bootpc any
deny ip 10.1.1.0 0.0.0.255 any
permit ip any 192.168.1.0 0.0.0.255
ip access-list extended OUT-200
permit udp any range bootps bootpc any
deny ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip any 10.1.1.0 0.0.0.255
access-list 23 permit 59.23.164.52
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 23 permit 10.1.1.0 0.0.0.255
access-list 23 permit 120.146.0.0 0.0.255.255
access-list 23 permit 149.185.12.0 0.0.0.255
access-list 23 permit 110.44.28.0 0.0.0.255
access-list 23 permit 110.44.26.0 0.0.0.255
access-list 23 permit 103.25.212.0 0.0.0.255
access-list 23 permit any
bridge 10 protocol ieee
banner motd ^C
* Authorized personnel only! *
^C
line con 0
login local
no modem enable
line aux 0
line vty 0 4
password password01
login local
transport input all
end -
Cisco IP Phone 7962 not registering with CME 9
Dear Experts,
I have CME router 2811 with 15 - 6921 phones and added 1 new Cisco 7962 phone. All the 6921 phones are registered and working fine.
7962 phone does not register and the screen goes blank after the phone boot. Software version the phone is running is 9.3.1 SR2-1S
Verified the CNF File is created
tftp-server system:/its/vrf1/XMLDefault7962.cnf.xml alias SEP501CBFFC8735.cnf.xml
Here is the configuration on the router.
ip dhcp pool VOICE
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
option 150 ip 192.168.10.1
ephone-dn 11 octo-line
number 2211
label ABC 2221
name ABC
ephone 11
device-security-mode none
mac-address 501C.BFFC.8735
type 7962
button 1:11
The results of the debug tftp events are as below -
Oct 26 17:52:06.491: TFTP: Looking for CTLSEP501CBFFC8735.tlv
Oct 26 17:52:06.595: TFTP: Looking for ITLSEP501CBFFC8735.tlv
Oct 26 17:52:06.699: TFTP: Looking for ITLFile.tlv
Oct 26 17:52:06.931: TFTP: Looking for SEP501CBFFC8735.cnf.xml
Oct 26 17:52:07.487: TFTP: Opened system:/its/vrf1/XMLDefault7962.cnf.xml, fd 10, size 1278 for process 366
Oct 26 17:52:07.495: TFTP: Finished system:/its/vrf1/XMLDefault7962.cnf.xml, time 00:00:00 for process 366
Oct 26 17:52:09.799: TFTP: Looking for English_United_States/mk-sccp.jar
Oct 26 17:52:10.119: TFTP: Looking for United_States/g3-tones.xml
Oct 26 17:52:11.067: New Skinny socket accepted [2] from 0, sub 1 (15 active)
Oct 26 17:52:11.067: sin_family 2, sin_port 49152, in_addr 192.168.110.30
Oct 26 17:52:11.067: skinny_add_socket 2 192.168.110.30 49152
Oct 26 17:52:11.799: Cannot find device entry on socket fd 7 for message 346
Oct 26 17:52:11.799: Got wrong skinny message size 1836597052 on socket fd 7
Oct 26 17:52:11.799: Got wrong skinny message size 824327534 on socket fd 7
Oct 26 17:52:11.799: Got wrong skinny message size 1735289188 on socket fd 7
Oct 26 17:52:11.799: Got wrong skinny message size 1007304255 on socket fd 7
Oct 26 17:52:11.799: Got wrong skinny message size 1918987361 on socket fd 7
Oct 26 17:52:11.799: Got wrong skinny message size 1632510061 on socket fd 7
Oct 26 17:52:11.799: Got wrong skinny message size 1333032271 on socket fd 7 ... .so on
Oct 26 17:52:11.815: Got wrong skinny message size 2622 on socket fd 7
Oct 26 17:52:11.815: Got wrong skinny message size 0 on socket fd 7
Oct 26 17:52:11.815: Got wrong skinny message size 0 on socket fd 7
Oct 26 17:52:11.815: Got wrong skinny message size 0 on socket fd 7
Oct 26 17:52:11.815: Got wrong skinny message size 0 on socket fd 7
Oct 26 17:52:11.815: Got wrong skinny message size 0 on socket fd 7
Oct 26 17:52:11.815: Got wrong skinny message size 0 on socket fd 7
Oct 26 17:52:11.815: Got wrong skinny message size 0 on socket fd 7
Oct 26 17:52:11.815: Got wrong skinny message size 0 on socket fd 7
Oct 26 17:52:11.815: Got wrong skinny message size 0 on socket fd 7
Oct 26 17:52:11.815: Got wrong skinny message size 0 on socket fd 7
Oct 26 17:52:11.815: Got wrong skinny message size 0 on socket fd 7
Oct 26 17:52:11.815: Got wrong skinny message size 0 on socket fd 7
Oct 26 17:52:11.815: Got wrong skinny message size 0 on socket fd 7
Oct 26 17:52:11.815: Got wrong skinny message size 0 on socket fd 7
Oct 26 17:52:11.815: Got wrong skinny message size 0 on socket fd 7.. so on
Oct 26 17:52:11.883: Cannot find device entry on socket fd 7 for message 0
Oct 26 17:52:11.883: Got wrong skinny message size -2056126442 on socket fd 7
Oct 26 17:52:11.883: Got wrong skinny message size -54584240 on socket fd 7
Oct 26 17:52:11.883: Got wrong skinny message size 3 on socket fd 7
Oct 26 17:52:11.883: Got wrong skinny message size 0 on socket fd 7
Oct 26 17:52:11.883: Got wrong skinny message size 0 on socket fd 7
Oct 26 17:52:11.883: Got wrong skinny message size 825045805 on socket fd 7
Oct 26 17:52:11.883: Got wrong skinny message size 0 on socket fd 7
Oct 26 17:52:21.915: Cannot find device entry on socket fd 7 for message 0
Oct 26 17:52:41.995: Cannot find device entry on socket fd 7 for message 0
Oct 26 17:53:02.064: Cannot find device entry on socket fd 7 for message 0
ADVILLA-2811#
Oct 26 17:54:24.556: socket 3 fatal error 260! can't read msg header with size -1, fd 3
Oct 26 17:54:24.556: it's a stale socket! delete it!!
Please advise the issue.. thanks..This could be a compatibility issue. Looking at the feature matrix, 15.1 is CME8.8 and only has support for SCCP42.9-2-1S.loads. Even the latest CME (10.5) only has listed support for 9.2.1 on 7962.
I would try downgrading the phone firmware to 9.2.1 and see if you continue to have the issue.
Also, make sure you are advertising all the following files on TFTP:
SCCP42.9-2-1S.loads
apps42.9-2-1TH1-13.sbn
cnu42.9-2-1TH1-13.sbn
cvm42sccp.9-2-1TH1-13.sbn
dsp42.9-2-1TH1-13.sbn
jar42sccp.9-2-1TH1-13.sbn
term42.default.loads
term62.default.loads -
Pick up group between analog Phone connected on VG224 with Cisco 7911 does not work?
Hey guys,
I had a problem, during a demo. My team was design a cisco callmanager 7.0 with 7911 IP Phone and with VG224 analog devices phones. I would like to know if there are some a problem of capability when configured a Analog Phone on VG224 in the same pickup group with Cisco IP Phone 7911.
I got pickup between Analog phones but with I cannot pick up, between IP Phones and analog phones.
Does anybody knows if has capability problem or could be a configuration problem.
The feature has already enbled for pick up **3 (stcapp feature access-code).
best regards
DanielHi Daniel,
Did you try **4
The default settings for the VG224 feature codes are as follows:
Call Forward All (CFA) **1
Call Forward All Cancel **2
Call Park Directed Call Pickup Directed **6
Call Pickup Group **4
Call Pickup Local **3
Call Transfer = Hookflash
Redial *#
Speed Dial *01 to *99 for two-digit codes
Speed Dial to Voice Mail Default prefix and code is *0 for one-digit codes, and *00 for two-digit codes
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t2/ht1vg224.html#wp1178205
Hope this helps!
Rob -
Voice gaps in cisco ip phones 7921 when roaming between cisco APs
The following problem is faced when cisco ip phones 7921 are roaming between APs:
When a call is establishedon wireless ip phones, and the phones are roaming between APs, a three seconds gap appears but the call doesn't disconnect.
The following log messages are displayed on both APs:
The first AP:
*Mar 1 23:30:30.493: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 001e.4a3f.c5b8 Reason: Sending station has left the BSS
*Mar 1 23:30:30.956: %DOT11-4-MAXRETRIES: Packet to client 001e.4a3f.c5b8 reached max retries, removing the client
*Mar 1 23:30:30.957: Client 001e.4a3f.c5b8 failed: reached maximum retries
The second AP:
*Mar 1 23:33:40.049: %DOT11-6-ASSOC: Interface Dot11Radio0, Station SEP001E4A3FC5B8 001e.4a3f.c5b8 Associated KEY_MGMT[WPA PSK]
What can be the problem?
ThanksThat above error message is frequently associated with another error message "%DOT11-6- DISASSOC: Interface Dot11Radio0, Deauthenticating Station
Reason: Sending station has left the BSS ". This occurs because of the Interference from the adjacent access point. So change the channel and adjust the excessive power on the access points so that there is no too much overlap on the access points coverage cells. -
Configuring wired 802.1x with Cisco 2950 and NPS 2012 problem
Hi,
I am trying to setup wired authentication on my corporate network. For testing purposes, I have setup a Cisco 2950 switch for RADIUS authentication.
On the first day of the test, access messages were appearing on the event log of the 2012 Server and we were trying to address the issues with EAP and policy.(Network Policy and Access services)
Then, suddenly no events are written to the event log for the wired authentication. Accounting data is written to the log file at c:\windows\system32\logfiles, but nothing happens on the event log as if the NPS is not answering. We are using the same server for wireless 802.1x and all is working fine.
Checking the wired autoconfig log on the client, Restart Reason : Onex Auth Timeout appears.
Logging seems to be configured properly, there are no entries in event log. Below is the debug information from the 2950 switch;
KAT2-BATISW1#
00:18:28: dot1x-registry:dot1x_port_linkchange invoked on interface FastEthernet
0/17
00:18:28: dot1x-registry:dot1x_port_linkcomingup invoked on interface FastEthern
et0/17
00:18:28: dot1x-ev:dot1x_port_enable: set dot1x ask handler on interface FastEth
ernet0/17
00:18:28: dot1x-ev:dot1x_update_port_direction: Updating oper direction for Fa0/
17 (admin=Both, current oper=Both)
00:18:28: dot1x-ev:dot1x_update_port_direction: New oper direction for Fa0/17 is
Both
00:18:28: dot1x_auth Fa0/17: initial state auth_initialize has enter
00:18:28: dot1x-sm:Fa0/17:0000.0000.0000:auth_initialize_enter called
00:18:28: dot1x-ev:auth_initialize_enter:0000.0000.0000: Current ID=0
00:18:28: dot1x_auth Fa0/17: during state auth_initialize, got event 0(cfg_a
uto)
00:18:28: @@@ dot1x_auth Fa0/17: auth_initialize -> auth_disconnected
00:18:28: dot1x-sm:Fa0/17:0000.0000.0000:auth_disconnected_enter_action called
00:18:28: dot1x-sm:
dot1x_update_port_status called with port_status = DOT1X_PORT_STATUS_UNAUTHORIZE
D
00:18:28: dot1x-ev:dot1x_update_port_direction: Updating oper direction for Fa0/
17 (admin=Both, current oper=Both)
00:18:28: dot1x-ev:dot1x_update_port_direction: New oper direction for Fa0/17 is
Both
00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
hernet0/17
00:18:28: dot1x-ev:dot1x_update_port_status: Called with host_mode=0 state UNAUT
HORIZED
00:18:28: dot1x-ev:dot1x_update_port_status: using mac 0000.0000.0000 to send po
rt to unauthorized on vlan 0
00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:18:28: dot1x-ev:dot1x_port_unauthorized: Host-mode=0 radius/guest vlan=0 on F
astEthernet0/17
00:18:28: dot1x-ev: GuestVlan configured=0
00:18:28: dot1x-ev:supplicant 0000.0000.0000 is default
00:18:28: dot1x-ev:supplicant 0000.0000.0000 is last
00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:18:28: dot1x-ev:0000.0000.0000 is now unauthorized on port FastEthernet0/17
00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
hernet0/17
00:18:28: dot1x-ev:Enter function dot1x_aaa_acct_end
00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:18:28: dot1x_auth Fa0/17: idle during state auth_disconnected
00:18:28: @@@ dot1x_auth Fa0/17: auth_disconnected -> auth_connecting
00:18:28: dot1x-sm:Fa0/17:0000.0000.0000:auth_connecting_enter called
00:18:28: dot1x_bend Fa0/17: initial state dot1x_bend_initialize has enter
00:18:28: dot1x-sm:Dot1x Initialize State Entered
00:18:28: dot1x_bend Fa0/17: initial state dot1x_bend_initialize has idle
00:18:28: dot1x_bend Fa0/17: during state dot1x_bend_initialize, got event 1
6383(idle)
00:18:28: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
00:18:28: dot1x-sm:Dot1x Idle State Entered
00:18:28: dot1x-ev:Created port supplicant block 0000.0000.0000 expected_id=0 cu
rrent_id=0
00:18:28: dot1x-ev:dot1x_init_sb_oper_info:Default port supplicant at memloc 80D
71C74
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
FastEthernet0/17
00:18:28: dot1x-ev:
dot1x_post_message_to_auth_sm:0000.0000.0000: Sending TX_FAIL
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm:0000.0000.0000: Current ID=1
00:18:28: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
00:18:28: dot1x-packet:Tx EAP-Failure, id 0, ver 1, len 4 (Fa0/17)
00:18:28: dot1x-registry:registry:dot1x_ether_macaddr called
00:18:28: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
FastEthernet0/17
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
000.0000.0000
00:18:28: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
00:18:28: dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/17)
00:18:28: dot1x-registry:registry:dot1x_ether_macaddr called
00:18:28: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
00:18:28: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:18:28: dot1x-packet:Rx EAP-Response(Id), id 1, ver 1, len 21 (Fa0/17)
00:18:28: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:18:28: dot1x-ev:Couldn't find a supplicant block for mac 0024.1d10.d7c5
00:18:28: dot1x-ev:Couldn't find a supplicant block for mac 0024.1d10.d7c5
00:18:28: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:18:28: dot1x_auth Fa0/17: initial state auth_initialize has enter
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_initialize_enter called
00:18:28: dot1x-ev:auth_initialize_enter:0024.1d10.d7c5: Current ID=0
00:18:28: dot1x_auth Fa0/17: during state auth_initialize, got event 0(cfg_a
uto)
00:18:28: @@@ dot1x_auth Fa0/17: auth_initialize -> auth_disconnected
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_disconnected_enter_action called
00:18:28: dot1x-sm:
dot1x_update_port_status called with port_status = DOT1X_PORT_STATUS_UNAUTHORIZE
D
00:18:28: dot1x-ev:dot1x_update_port_direction: Updating oper direction for Fa0/
17 (admin=Both, current oper=Both)
00:18:28: dot1x-ev:dot1x_update_port_direction: New oper direction for Fa0/17 is
Both
00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
hernet0/17
00:18:28: dot1x-ev:dot1x_update_port_status: Called with host_mode=0 state UNAUT
HORIZED
00:18:28: dot1x-ev:dot1x_update_port_status: using mac 0024.1d10.d7c5 to send po
rt to unauthorized on vlan 0
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:dot1x_port_unauthorized: Host-mode=0 radius/guest vlan=0 on F
astEthernet0/17
00:18:28: dot1x-ev: GuestVlan configured=0
00:18:28: dot1x-ev:supplicant 0024.1d10.d7c5 is last
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:0024.1d10.d7c5 is now unauthorized on port FastEthernet0/17
00:18:28: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
hernet0/17
00:18:28: dot1x-ev:Enter function dot1x_aaa_acct_end
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x_auth Fa0/17: idle during state auth_disconnected
00:18:28: @@@ dot1x_auth Fa0/17: auth_disconnected -> auth_connecting
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_enter called
00:18:28: dot1x_bend Fa0/17: initial state dot1x_bend_initialize has enter
00:18:28: dot1x-sm:Dot1x Initialize State Entered
00:18:28: dot1x_bend Fa0/17: initial state dot1x_bend_initialize has idle
00:18:28: dot1x_bend Fa0/17: during state dot1x_bend_initialize, got event 1
6383(idle)
00:18:28: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
00:18:28: dot1x-sm:Dot1x Idle State Entered
00:18:28: dot1x-ev:Created port supplicant block 0024.1d10.d7c5 expected_id=1 cu
rrent_id=1
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
FastEthernet0/17
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
FastEthernet0/17
00:18:28: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
024.1d10.d7c5
00:18:28: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
00:18:28: dot1x-packet:Tx EAP-Request(Id), id 0, ver 1, len 5 (Fa0/17)
00:18:28: dot1x-registry:registry:dot1x_ether_macaddr called
00:18:28: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
00:18:28: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:18:28: dot1x-packet:Rx EAP-Response(Id), id 0, ver 1, len 21 (Fa0/17)
00:18:28: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x_auth Fa0/17: during state auth_connecting, got event 7(rxRes
pId)
00:18:28: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_authenticating
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_exit alled
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_enter called
00:18:28: dot1x-ev:sending AUTH_START to BEND for supp_info=80D7E584
00:18:28: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_authenticating_action c
alled
00:18:28: dot1x-ev:Received AuthStart from Authenticator for supp_info=80D7E584
00:18:28: dot1x_bend Fa0/17: during state dot1x_bend_idle, got event 1(auth_
start)
00:18:28: @@@ dot1x_bend Fa0/17: dot1x_bend_idle -> dot1x_bend_response
00:18:28: dot1x-sm:Dot1x Response State Entered for supp_info=80D7E584 hwidb=807
D353C, swidb=807D4898 on intf=Fa0/17
00:18:28: dot1x-ev:Managed Timer in sub-block attached as leaf to master
00:18:28: dot1x-sm:Started the ServerTimeout Timer
00:18:28: dot1x-ev:Going to Send Request to AAA Client on RP for id = 0 and leng
th = 21
00:18:28: dot1x-ev:Got a Request from SP to send it to Radius with id 4294967283
00:18:28: dot1x-ev:Couldn't Find a process thats already handling the request fo
r this id 0
00:18:28: dot1x-ev:Inserted AAA request for interface FastEthernet0/17, MAC 0024
.1d10.d7c5, VLAN 0 on pending request queue
00:18:28: dot1x-ev:Found a free slot at slot 0
00:18:28: dot1x-ev:Found a free slot at slot 0
00:18:28: dot1x-ev:Processing AAA request for interface FastEthernet0/17, MAC 00
24.1d10.d7c5, VLAN 0 from pending request queue
00:18:28: dot1x-ev:Request id = -13 and length = 21
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:The Interface on which we got this AAA Request is FastEtherne
t0/17
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:28: dot1x-ev:Username is DUZEY\SAYTAMANER
00:18:28: dot1x-ev:MAC Address is 0024.1d10.d7c5
00:18:28: dot1x-ev:RemAddr is 00-24-1D-10-D7-C5/00-0F-24-E9-72-D1
00:18:28: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:30: %LINK-3-UPDOWN: Interface FastEthernet0/17, changed state to up
00:18:46: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:18:46: dot1x-packet:Rx EAPOL-Start, ver 1, len 0 (Fa0/17)
00:18:46: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:46: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
00:18:46: dot1x_auth Fa0/17: during state auth_authenticating, got event 4(e
apStart)
00:18:46: @@@ dot1x_auth Fa0/17: auth_authenticating -> auth_aborting
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_aborting_enter called
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_aborting_action cal
led
00:18:46: dot1x-ev:Received DOT1X_MSG_AUTH_ABORT: setting msg_id = 0
00:18:46: dot1x_bend Fa0/17: during state dot1x_bend_response, got event 5(i
nitialize)
00:18:46: @@@ dot1x_bend Fa0/17: dot1x_bend_response -> dot1x_bend_initialize
00:18:46: dot1x-sm:Dot1x Initialize State Entered
00:18:46: dot1x_bend Fa0/17: idle during state dot1x_bend_initialize
00:18:46: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
00:18:46: dot1x-sm:Dot1x Idle State Entered
00:18:46: dot1x_auth Fa0/17: during state auth_aborting, got event 16(noauth
Abort_noeapLogoff)
00:18:46: @@@ dot1x_auth Fa0/17: auth_aborting -> auth_connecting
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_enter called
00:18:46: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
024.1d10.d7c5
00:18:46: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
00:18:46: dot1x-packet:Tx EAP-Request(Id), id 1, ver 1, len 5 (Fa0/17)
00:18:46: dot1x-registry:registry:dot1x_ether_macaddr called
00:18:46: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
00:18:46: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:18:46: dot1x-packet:Rx EAP-Response(Id), id 1, ver 1, len 21 (Fa0/17)
00:18:46: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:46: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:46: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
00:18:46: dot1x_auth Fa0/17: during state auth_connecting, got event 7(rxRes
pId)
00:18:46: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_authenticating
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_exit alled
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_enter called
00:18:46: dot1x-ev:sending AUTH_START to BEND for supp_info=80D7E584
00:18:46: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_authenticating_action c
alled
00:18:46: dot1x-ev:Received AuthStart from Authenticator for supp_info=80D7E584
00:18:46: dot1x_bend Fa0/17: during state dot1x_bend_idle, got event 1(auth_
start)
00:18:46: @@@ dot1x_bend Fa0/17: dot1x_bend_idle -> dot1x_bend_response
00:18:46: dot1x-sm:Dot1x Response State Entered for supp_info=80D7E584 hwidb=807
D353C, swidb=807D4898 on intf=Fa0/17
00:18:46: dot1x-ev:Managed Timer in sub-block attached as leaf to master
00:18:46: dot1x-sm:Started the ServerTimeout Timer
00:18:46: dot1x-ev:Going to Send Request to AAA Client on RP for id = 1 and leng
th = 21
00:18:46: dot1x-ev:Got a Request from SP to send it to Radius with id 4294967284
00:18:46: dot1x-ev:Found a process thats already handling therequest for this id
1
00:18:48: dot1x-err:Dot1x Authentication failed (AAA_AUTHEN_STATUS_ERROR)
00:18:48: dot1x-ev:Received VLAN is No Vlan
00:18:48: dot1x-ev:Enqueued the response to BackEnd
00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:48: dot1x-ev:Enter function dot1x_aaa_acct_end
00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:48: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:18:48: dot1x-ev:Received QUEUE EVENT in response to AAA Request
00:18:58: dot1x-sm:Fa0/17:0000.0000.0000:dot1x_process_txWhen_expire called
00:18:58: dot1x_auth Fa0/17: during state auth_connecting, got event 19(txWh
en_expire)
00:18:58: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_connecting
00:18:58: dot1x-sm:Fa0/17:0000.0000.0000:auth_connecting_connecting_action calle
d
00:18:58: dot1x-ev:dot1x_post_message_to_auth_sm: Skipping tx for req_id for def
ault supplicant
00:19:07: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:19:07: dot1x-packet:Rx EAPOL-Start, ver 1, len 0 (Fa0/17)
00:19:07: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
00:19:07: dot1x_auth Fa0/17: during state auth_authenticating, got event 4(e
apStart)
00:19:07: @@@ dot1x_auth Fa0/17: auth_authenticating -> auth_aborting
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_aborting_enter called
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_aborting_action cal
led
00:19:07: dot1x-ev:Received DOT1X_MSG_AUTH_ABORT: setting msg_id = 0
00:19:07: dot1x_bend Fa0/17: during state dot1x_bend_response, got event 5(i
nitialize)
00:19:07: @@@ dot1x_bend Fa0/17: dot1x_bend_response -> dot1x_bend_initialize
00:19:07: dot1x-sm:Dot1x Initialize State Entered
00:19:07: dot1x_bend Fa0/17: idle during state dot1x_bend_initialize
00:19:07: @@@ dot1x_bend Fa0/17: dot1x_bend_initialize -> dot1x_bend_idle
00:19:07: dot1x-sm:Dot1x Idle State Entered
00:19:07: dot1x_auth Fa0/17: during state auth_aborting, got event 16(noauth
Abort_noeapLogoff)
00:19:07: @@@ dot1x_auth Fa0/17: auth_aborting -> auth_connecting
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_enter called
00:19:07: dot1x-ev:dot1x_post_message_to_auth_sm: Tx for req_id for supplicant 0
024.1d10.d7c5
00:19:07: dot1x-ev:Transmitting an EAPOL frame on FastEthernet0/17
00:19:07: dot1x-packet:Tx EAP-Request(Id), id 2, ver 1, len 5 (Fa0/17)
00:19:07: dot1x-registry:registry:dot1x_ether_macaddr called
00:19:07: dot1x-packet:Tx sa=000f.24e9.72d1, da=0180.c200.0003, et 888E (Fa0/17)
00:19:07: dot1x-ev:Received an EAPOL frame on interface FastEthernet0/17
00:19:07: dot1x-packet:Rx EAP-Response(Id), id 2, ver 1, len 21 (Fa0/17)
00:19:07: dot1x-packet:Rx sa=0024.1d10.d7c5, da=0180.c200.0003, et 888E (Fa0/17)
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:RECEIVED mac =0024.1d10.d7c5 and Stored MAC =0024.1d10.d7c5
00:19:07: dot1x_auth Fa0/17: during state auth_connecting, got event 7(rxRes
pId)
00:19:07: @@@ dot1x_auth Fa0/17: auth_connecting -> auth_authenticating
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_exit alled
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_authenticating_enter called
00:19:07: dot1x-ev:sending AUTH_START to BEND for supp_info=80D7E584
00:19:07: dot1x-sm:Fa0/17:0024.1d10.d7c5:auth_connecting_authenticating_action c
alled
00:19:07: dot1x-ev:Received AuthStart from Authenticator for supp_info=80D7E584
00:19:07: dot1x_bend Fa0/17: during state dot1x_bend_idle, got event 1(auth_
start)
00:19:07: @@@ dot1x_bend Fa0/17: dot1x_bend_idle -> dot1x_bend_response
00:19:07: dot1x-sm:Dot1x Response State Entered for supp_info=80D7E584 hwidb=807
D353C, swidb=807D4898 on intf=Fa0/17
00:19:07: dot1x-ev:Managed Timer in sub-block attached as leaf to master
00:19:07: dot1x-sm:Started the ServerTimeout Timer
00:19:07: dot1x-ev:Going to Send Request to AAA Client on RP for id = 2 and leng
th = 21
00:19:07: dot1x-ev:Got a Request from SP to send it to Radius with id 4294967285
00:19:07: dot1x-ev:Couldn't Find a process thats already handling the request fo
r this id 2
00:19:07: dot1x-ev:Inserted AAA request for interface FastEthernet0/17, MAC 0024
.1d10.d7c5, VLAN 0 on pending request queue
00:19:07: dot1x-ev:Found a free slot at slot 0
00:19:07: dot1x-ev:Found a free slot at slot 0
00:19:07: dot1x-ev:Processing AAA request for interface FastEthernet0/17, MAC 00
24.1d10.d7c5, VLAN 0 from pending request queue
00:19:07: dot1x-ev:Request id = -11 and length = 21
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:The Interface on which we got this AAA Request is FastEtherne
t0/17
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:07: dot1x-ev:Username is DUZEY\SAYTAMANER
00:19:07: dot1x-ev:MAC Address is 0024.1d10.d7c5
00:19:07: dot1x-ev:RemAddr is 00-24-1D-10-D7-C5/00-0F-24-E9-72-D1
00:19:07: dot1x-ev:Found a supplicant block for mac 0024.1d10.d7c5 80D7E584
00:19:19: dot1x-registry:dot1x_port_linkchange invoked on interface FastEthernet
0/17
00:19:19: dot1x-ev:supp_info=80D7E584 txWhen_timer=80D7E5D4 quietWhile_timer=80D
7E594reAuthWhen_timer=80D7E5B4 awhile_timer=80D7E5F4
00:19:19: dot1x-ev:destroy supplicant block for 0024.1d10.d7c5
00:19:19: dot1x-ev:supp_info=80D71C74 txWhen_timer=80D71CC4 quietWhile_timer=80D
71C84reAuthWhen_timer=80D71CA4 awhile_timer=80D71CE4
00:19:19: dot1x-ev:destroy supplicant block for 0000.0000.0000
00:19:19: dot1x-ev:Enter function dot1x_aaa_acct_end
00:19:19: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:19:19: dot1x-ev:Found a supplicant block for mac 0000.0000.0000 80D71C74
00:19:19: dot1x-ev:dot1x_port_cleanup_author: cleanup author on interface FastEt
hernet0/17
00:19:19: dot1x-ev:dot1x_post_message_to_auth_sm: cleanup author from interface
This is driving me crazy, working on it for a whole week and no results..
Thank you..Hi again,
I have put the config on 2960. Now as soon as the authentication starts, this is the message on debug;
dot1x authentication unable to start - authenticator not enabled..
Any ideas?
regards,
onur -
Cisco ip phone 9971 registration failed with CME 8.5
Good day!
I have voice bundle 2951 with 15.1.3(T) IOS version and a few 9971 ip phones. In addition to it I've downloaded current SIP firmware for these phones (sip9971.9-2-1) and configured my CME as follows:
voice register global mode cme source-address 192.168.2.254 port 5060 max-dn 10 max-pool 5 load 9971 sip9971.9-2-1 timezone 13 create profile sync 0069043299436028!voice register dn 1 number 104 name 9971 SIP Phone label 104 mwi!voice register pool 1 id mac 688D.ABA4.A88B type 9971 number 1 104 presence call-list dtmf-relay rtp-nte codec g711ulaw no vadvoice service voip sip
registrar server expires max 3600 min 120
All SIP firmware files were uploaded to tftp server on CME and shared then:
tftp-server flash:kern9971.9-2-1.sebn tftp-server flash:rootfs9971.9-2-1.sebn tftp-server flash:sboot9971.031610R1-9-2-1.sebn tftp-server flash:sip9971.9-2-1.loads tftp-server flash:skern9971.022809R2-9-2-1.sebn tftp-server flash:dkern9971.100609R2-9-2-1.sebn tftp-server system:cme/sipphone
During the boot process all ip settings including option 150 were successfully updated by the phone:
ip dhcp pool voip_pool network 192.168.2.0 255.255.255.0 default-router 192.168.2.254 option 150 ip 192.168.2.254
But when the phone tries to get files on the CME it fails. The ouput of debug tftp events command shows that there is no such configuration file on tftp:
Jul 28 16:36:14.446: TFTP: read request from host 192.168.2.8(49158) via GigabitEthernet0/1Jul 28 16:36:14.446: TFTP: Looking for SEP68BDABA4A88B.cnf.xmlJul 28 16:36:14.446: TFTP: Sending error 1 No such fileJul 28 16:36:15.522: TFTP: Server request for port 49158, socket_id 0xA2EFEE4 for process 324Jul 28 16:36:15.522: TFTP: read request from host 192.168.2.8(49158) via GigabitEthernet0/1Jul 28 16:36:15.522: TFTP: Looking for XMLDefault.cnf.xmlJul 28 16:36:15.522: TFTP: Opened system:/its/vrf1/XMLDefault.cnf.xml, fd 14, size 3210 for process 324Jul 28 16:36:15.522: TFTP: Sending block 1 (retry 0), socket_id 0xA2EFEE4Jul 28 16:36:15.522: TFTP: Received ACK for block 1, socket_id 0xA2EFEE4Jul 28 16:36:15.522: TFTP: Sending block 2 (retry 0), socket_id 0xA2EFEE4Jul 28 16:36:15.522: TFTP: Received ACK for block 2, socket_id 0xA2EFEE4Jul 28 16:36:15.522: TFTP: Sending block 3 (retry 0), socket_id 0xA2EFEE4Jul 28 16:36:15.526: TFTP: Received ACK for block 3, socket_id 0xA2EFEE4Jul 28 16:36:15.526: TFTP: Sending block 4 (retry 0), socket_id 0xA2EFEE4Jul 28 16:36:15.526: TFTP: Received ACK for block 4, socket_id 0xA2EFEE4Jul 28 16:36:15.526: TFTP: Sending block 5 (retry 0), socket_id 0xA2EFEE4Jul 28 16:36:15.526: TFTP: Received ACK for block 5, socket_id 0xA2EFEE4Jul 28 16:36:15.526: TFTP: Sending block 6 (retry 0), socket_id 0xA2EFEE4Jul 28 16:36:15.526: TFTP: Received ACK for block 6, socket_id 0xA2EFE
So, i see this file on CME router in system/cme/sipphones direcotory:
Directory of system:cme/sipphone/ 747 -rw- 825 Jul 27 2011 16:10:04 +00:00 featurePolicyDefault.xml 744 -rw- 1 Jul 27 2011 15:59:49 +00:00 OS79XX.TXT 749 -rw- 3761 Jul 27 2011 16:10:04 +00:00 SEP688DABA4A88B.cnf.xml 742 -rw- 1948 Jul 27 2011 16:10:04 +00:00 SIPDefault.cnf 745 -rw- 4376 Jul 27 2011 16:10:04 +00:00 softkeyDefault.xml 746 -rw- 4342 Jul 27 2011 16:10:04 +00:00 softkeyDefault_kpml.xml 743 -rw- 69 Jul 27 2011 16:10:04 +00:00 syncinfo.xml
So, i dont quiet understand why the registration process was failed. Could anyone tell me if there are restrictions on the SIP firmware and IOS version in this case?
Thank you.linuxchild,
thank you. i checked this out, but i think it doesnt matter whether tftp-path statement is set or not in this case.
Configuration files for 9971 are located in system:cme/sipphone directory by default.
While I have this statement in tftp-server configuration, it should get this file from the server.
tftp-server system:cme/sipphone
i tried to configure it accordiing to this example.
Now i can see xml file in flash direcory:
30 1948 Aug 1 2011 09:48:52 +00:00 SIPDefault.cnf
31 69 Aug 1 2011 09:48:52 +00:00 syncinfo.xml
32 4342 Aug 1 2011 09:48:54 +00:00 softkeyDefault_kpml.xml
33 4376 Aug 1 2011 09:48:54 +00:00 softkeyDefault.xml
34 3787 Aug 1 2011 09:48:54 +00:00 SEP68BDABA4A88B.cnf.xml
35 825 Aug 1 2011 09:48:54 +00:00 featurePolicyDefault.xml
But i cant still get this file from tftp and have the same error:
*Aug 1 09:50:27.385: TFTP: read request from host 192.168.2.5(49157) via GigabitEthernet0/1
*Aug 1 09:50:27.385: TFTP: Looking for SEP68BDABA4A88B.cnf.xml
*Aug 1 09:50:27.385: TFTP: Sending error 1 No such file
Has anyone had such problem? -
Cisco aironet 1130g and windows 2003 with cisco ACS
hi
i have configured windows 2003 server with DNS ,Active directory users and dhcp server. and configured my cisco 1130g AP .
i have installed cisco access control server 4.0 because i use LEAP authentication protocol and for the ACS for network configuration i give aaa client ip addresss as AP interface ip and same shared secret for the AP and ACS,.
so when i log to wifi it ask username and password
problem is lap top cannot have a ip address my dhcp server not issue any ip address .
my hiper terminal massage is like this when i connect to wifi
help ...thank you...As I mentioned now several times already, it is the client and ACS which do the PEAP. The Access point doesn't have to be configured for an eap type. What you did on the AP was setting the AP as a radius server which is duplicate work with what you did on ACS.
So you need on your client to configure either PEAP or LEAP.
Nicolas -
Catalyst Express 500 802.1q with non-Cisco Phones
This weekend we spent hours trying to get 802.1q tagging to work on a VLAN with ShoreTel phones. The user interface on this switch seems to only allow "Cisco-Voice" VLAN, without any specifics. This didn't work. The specs on this switch say that the .1q is supported, but we couldn't figure it out. The more expensive switches were easier to configure for Voip QoS.
Can anyone advise me on the tricks to getting this to work with the lower end Catalyst Express 500? Or does this switch only support 802.1q with Cisco phones?Cisco IP Phone uses CDP to let the ip phone know what vlan it's suppose to be (via voice-vlan). shore tel would definitely not use CDP since CDP is cisco proprietory, so it's voice vlan must be defined on it, I rememer Avaya being the same way. So, having said that, just make sure that the Shore tel Ip phone are in the right vlan. what does not work anyway? shore Tel IP Phone will not come up? Will not get it's configuration from it's software PBX? Use the smartport configuration on CE500.
Please rate all posts. -
Cordless phones to work with Cisco SPA122
Hi there,
We have a customer site which has 10x Analogue handsets and some cordless phones running off an old pbx.
We are installing a new system including 10x SPA525's handsets but we need some cordless phones to run alongside them.
Can someone recommend cordless phones which will work with Cisco SPA122's please?Any one?
-
Cisco IP phone problem with external directory http error
Hi,
I have a problem when I try to open the directory on different model Cisco IP Phone for new deployment.
In CUCM (version 8.5) we have configured internal and external directory and on each device set the "service provisioning" to "both". For all the sites configured in CUCM this feature is working properly, but not in the new deployed site. I´ve already verified the url is written properly.
I get the following error messages for these different models:
- Cisco IP phone 8945: "HTTP connection failed"
- Cisco IP Comm: "HTTP error [500] "
Thank you for your help,
Regards,
David LozanoHi David,
What firmware are you using? Do you have 8945s on the other sites? I found a bug, but I'm not sure it applies to your description:
CSCty58000 Bug Details
8945 freezes when directories is pressed
Symptom:
8945 freezes when directories button is pressed.
Conditions:
This issue happens when the phone load is 9.2.3 and the directories URL doesn't contain port number.
Workaround:
Please use http://X.X.X.X:8080/ccmip/xmldirectory.jsp for the directories
URL instead of http://X.X.X.X/ccmip/xmldirectory.jsp
You can try upgrading to firmware 9.3(1)
Regards,
Tere. -
Cisco ACS 5.1 802.1x auth fails on LAN when WLAN connected
I am running Cisco ACS 5.1 802.1x with certificate based authentication for Wired and Wireless connections. The issue that I am having is that when a user comes in from home with their laptop the wireless connection works, they pass the authentication and have network access fine. But when the plug the laptop into a docking station the LAN connection fails and gets put in the Auth Failure Vlan.
A reboot of the phone/ shut/no shut fixes this, but I really need to find a resolution
This is an intermittent fault and only effects users with both LAN and WLAN enabled.
Running ACS 5.1.0.44, all Cisco 3750s - c3750-ipservicesk9-mz.122-55.SE.
Certificates are issues by group policy and only using computer authentication.
any help would be greatly appreciated
ThanksAfter a long TAC case with Cisco we discovered that the Mitel phone was not sending the EAPoL-Logoff packet so the switch still thought that the device off the back of the phone was connected.
There are no EAPoL-Logoff messages seen on switch when laptop is disconnected/port is shut down.
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/TrustSec_1.99/Dot1X_Deployment/Dot1x_Dep_Guide.html#wp386903
This feature is supported by most IP phones - I do not know if Mitel phones support that but we cannot see this message in the debugs you sent.
As a workaround we can configure inactivity timer (by default it is infinity):
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_55_se/commmand/reference/cli1.html#wp11888691
This did resolve all our issues,
Aaron
Maybe you are looking for
-
When I try to compose an email from Godaddy's webmail in the Firefox browser. My steps are as follows: -Open Firefox. -Log in to Godaddy webmail. -I hit the compose button. -New window pops up. This is the window that I would compose an email in. - R
-
HT203200 This error occurs at the exact moment when step 2 ends during a wifi sync. Please help?
This error occurs at the exact moment when step 2 ends during a wifi sync. Please help? Every single time I cannot find a solution
-
Can I use mp3 song as message tone?
I would like to use my mp3 song as message or sms tone instead of the standard tone on the iphone. My previous smart phone (Samsung Galaxy S) is able to do so. Please advise.
-
Foxnews live won't load/stream on iPad.
Foxnews programs run on the iPad but Foxnews live doesn't. I've deleted the FoxNews app, re-installed and the problem still exisits.
-
Hi, A customer want to have a dashboard with a chart, click the chart and drill through another dashboard, no need to pass parameters. Have you done something similar, with Power BI Regards, Isabel