https://community.cisco.com/t5/network-access-control/auto-smartports/m-p/2259942#M136796 <HTML><HEAD></HEAD><BODY><P>Duplicate post.&nbsp; <SPAN __jive_emoticon_name="silly" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/silly.gif"></SPAN></P></BODY></HTML> Wed, 08 May 2013 21:59:23 GMT Leo Laohoo 2013-05-08T21:59:23Z https://community.cisco.com/t5/network-access-control/auto-smartports/m-p/2259941#M136768 <DIV><P>We are trying to get our cisco&nbsp; switches (2960) to handle 802.1x with MAB on or network.&nbsp; We are wanting&nbsp; our cisco phones to authenticate by MAB on our Microsoft NPS server and&nbsp; return a AV pair with a smartport trigger.&nbsp; We can only get the phones&nbsp; to come up correctly if we pass the vlan VSA's back to the switch,&nbsp; without the AV pair.&nbsp; When only pass back the AV pair the switch sees&nbsp; the trigger, but the macro ( we just map it to the builtin</P><P>CISCO_PHONE_AUTO_SMARTPORT ) doesn't run (or it fails during the run). </P><P></P><P>Switch Info: </P><P>Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.0(1)SE2</P><P></P><P></P><P>Below is an example of the config from an interface:</P><P></P><P>interface GigabitEthernet1/0/6</P><P>switchport mode access</P><P>authentication host-mode multi-domain</P><P>authentication order mab dot1x</P><P>authentication port-control auto</P><P>mab</P><P>dot1x pae authenticator</P><P></P><P></P><P>Below is: show shell triggers</P><P></P><P>User defined triggers</P><P>---------------------</P><P>Trigger Id: CRCSD_PHONE_MACRO</P><P>Trigger namespace: DEFAULT</P><P>Trigger description: CRCSD_PHONE_MACRO</P><P>Trigger mapping function: </P><P>Parameters: VOICE_VLAN=61</P><P>Current version: 1</P><P>Negotiated version: 1</P><P>Mapped Function: CISCO_PHONE_AUTO_SMARTPORT</P><P></P><P></P><P>Like&nbsp; I said the NPS server is authenticating everything correctly.&nbsp; I've&nbsp; enabled debugging macro auto all to see if it's knowing what to&nbsp; process.&nbsp; I can see the trigger name in the debug output so it's&nbsp; authenticating correctly and passing back the vendor specifc attribute,&nbsp; just not running the macro.</P><P></P><P>Now&nbsp; I did see that when you do enable auto smartports globally you get a&nbsp; whole bunch of log/debug messages.&nbsp; I'm assuming that it's CDP/MAC/LLDP&nbsp; all seeing the device and trying to determine what kind of a device it&nbsp; is.&nbsp; Is there anyway to not have those protocols run or block them from&nbsp; trying to run macros?</P><P></P><P>Any help or ideas would be greatly appreciated!</P><P></P><P>Thanks,</P><P></P><P>-B</P></DIV> Mon, 11 Mar 2019 03:24:38 GMT https://community.cisco.com/t5/network-access-control/auto-smartports/m-p/2259941#M136768 bwedel1234 2019-03-11T03:24:38Z https://community.cisco.com/t5/network-access-control/auto-smartports/m-p/2259942#M136796 <HTML><HEAD></HEAD><BODY><P>Duplicate post.&nbsp; <SPAN __jive_emoticon_name="silly" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/silly.gif"></SPAN></P></BODY></HTML> Wed, 08 May 2013 21:59:23 GMT https://community.cisco.com/t5/network-access-control/auto-smartports/m-p/2259942#M136796 Leo Laohoo 2013-05-08T21:59:23Z