[cisco-voip] Implementing 802.1x for IP Phones - issue with UCM timeout

[Pawlowski, Adam]

I've not implemented this with the phones, but, I would check the phone log to see if it thinks a VLAN change is taking place, and the device is dropping off the network at a session renewal time. Depending on the volume of devices you may want session renewal times to be in the order of days, if ever, if it's set to 45 minutes or something.

Best,

Adam

From: cisco-voip <cisco-voip-bounces at puck.nether.net> On Behalf Of Riley, Sean
Sent: Thursday, September 17, 2020 6:00 PM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Implementing 802.1x for IP Phones - issue with UCM timeout

We are working on implementing 802.1x with our 8851 ip phones.  We have installed the LSC cert and enabled 802.1x on a few phones for testing.  We are using Cisco ISE and the switch is configured for host mode multi domain.  Everything seemed to be working fine, until we noticed the phones were resetting about every 48 minutes.  Looking at the logs on the phone it seems it is being reset due to a timeout with CUCM.

ReasonForOutOfService=10 followed by a ReasonForOutOfService=23

My Cisco ISE admin didn't see anything on that side that he thinks is causing the timeout, and we only seem to see this issue after registering the phone with 802.1x enabled.

Any thoughts before I start collecting traces and wireshark captures.

CUCM v 11.5(1) SU6
IP phones are on latest firmware 12.7 or 12.8

Thanks.

Sean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20200918/2c64b68b/attachment.htm>