Technical Tip: IP Phones in the Production VLAN instead of Voice VLAN

FortiKoala · ‎09-28-2018

Description

This article describes an issue with IP Phones going to wrong VLAN.

Scope

FortiNAC

Solution

There was a bug before v8.0.4 of Network Sentry where IP Phones were registered erroneously as Registered Hosts and subsequently treated as hosts instead of IP Phones.

To verify this is the case, login to the CLI of the Network Sentry Server and issue the command:

Client -mac <replace with mac address of IP Phone>

If Type = DynamicClient rather than IP-Phone then this is the bug. See example output:

client -mac 00:21:E1:FF:98:5B

Client starting

Found 1 matches for client

T0021E1FF985B.ds.ohnet

DBID = 189487

MAC = 00:21:E1:FF:98:5B

IP = 172.23.109.36

Status = Connected

State = Initial

Type = DynamicClient

Ident = null

UserID = null

ParentID = 152054

Role = Production (Auto/Auto)

Security Access Value = null

OS = IP Phone Nortel

Location = sc-gmhmh02s-01.ds.ohnet Gi1/16

Client Not Authenticated = false

Client needs to authenticate = false

Logged On = false

At-Risk = false

Host role = Production (Auto/Auto)

VpnClient = false

CLIENT ATTRIBUTES

VendorName NORTEL IP PHONE

DpcRuleId 22

DpcRuleName Voice - IP Phones (OUI)

DpcGroupId 18820

DpcImageType IP-Phone

ImageType IP-Phone

Client has no extended attributes

Client is not connected to user

To address this issue, log in to the Admin UI and navigate to the Hosts -> Hosts View, locate the affected devices and modify them. Set the Device Type field to IP Phone.

If there are many affected IP Phones, it may be more convenient to export them and then import them using the adap.mac and host.devType fields. Set host.devType to IP Phone.

Technical Tip: IP Phones in the Production VLAN instead of Voice VLAN

You are leaving our website