https://community.cisco.com/t5/network-access-control/dot1x-multi-domain-authent-issue/m-p/963065#M5413 <HTML><HEAD></HEAD><BODY><P>The jist of this is, with MDA configured, it will never allow access to anything, unless it sees a client on the wire. Whever you plug it in, it will try to authenticate the device with 802.1X. If 802.1X times out, then fallback options like MAB, the Guest-VLAN come into play.</P><P></P><P>Can you cut-n-paste your current port-config?</P><P></P><P>Largely, you should be seeing the same thing with MDA that you'd see when you plug directly into the switch to begin with. Beware that 802.1X takes 90-sec to timeout by default. This could be the issue you're facing here.</P><P></P><P>HTH a little in the meantime,</P></BODY></HTML> Mon, 16 Jun 2008 17:56:53 GMT jafrazie 2008-06-16T17:56:53Z https://community.cisco.com/t5/network-access-control/dot1x-multi-domain-authent-issue/m-p/963062#M5410 <P>hi , i'm installing ipphone on 3560 with 802.1x authentication and host mode multi-domain ,all works fine for ipphone but PC behind ipphone can't </P><P>receive an ip address via dhcp although dot1x guest vlan data is configured, is supplicant and 802.1x authentication mandatory on pc as on ipphone or can i have only authentication on ipphone and none on PC ? </P><P>is there some issue known for that situation ? </P><P>how long is a mac addres locked if dot1x authen failed ? is that timer configurable ? is the mac address locked for the port or for all switch port ? </P><P></P><P>Regards</P><P></P> Fri, 21 Feb 2020 18:21:25 GMT https://community.cisco.com/t5/network-access-control/dot1x-multi-domain-authent-issue/m-p/963062#M5410 a.diot 2020-02-21T18:21:25Z https://community.cisco.com/t5/network-access-control/dot1x-multi-domain-authent-issue/m-p/963063#M5411 <HTML><HEAD></HEAD><BODY><P>Is your PC 802.1X enabled? If so, is it enabled to send EAPOL-Start frames?</P></BODY></HTML> Mon, 16 Jun 2008 00:57:43 GMT https://community.cisco.com/t5/network-access-control/dot1x-multi-domain-authent-issue/m-p/963063#M5411 jafrazie 2008-06-16T00:57:43Z https://community.cisco.com/t5/network-access-control/dot1x-multi-domain-authent-issue/m-p/963064#M5412 <HTML><HEAD></HEAD><BODY><P>hi Jafrazie ,</P><P></P><P>No , authent isn't enabled on windows PC and i noticed that behavor with XP and 2000 stations,</P><P>i have to unplug the ipphone in order to have the pc working , dhcp release or renew doesn't work (no network) then pc ip address is 169...</P><P>i will try to take some trace to confirm that the pc is not sending some eap frames </P></BODY></HTML> Mon, 16 Jun 2008 17:52:59 GMT https://community.cisco.com/t5/network-access-control/dot1x-multi-domain-authent-issue/m-p/963064#M5412 a.diot 2008-06-16T17:52:59Z https://community.cisco.com/t5/network-access-control/dot1x-multi-domain-authent-issue/m-p/963065#M5413 <HTML><HEAD></HEAD><BODY><P>The jist of this is, with MDA configured, it will never allow access to anything, unless it sees a client on the wire. Whever you plug it in, it will try to authenticate the device with 802.1X. If 802.1X times out, then fallback options like MAB, the Guest-VLAN come into play.</P><P></P><P>Can you cut-n-paste your current port-config?</P><P></P><P>Largely, you should be seeing the same thing with MDA that you'd see when you plug directly into the switch to begin with. Beware that 802.1X takes 90-sec to timeout by default. This could be the issue you're facing here.</P><P></P><P>HTH a little in the meantime,</P></BODY></HTML> Mon, 16 Jun 2008 17:56:53 GMT https://community.cisco.com/t5/network-access-control/dot1x-multi-domain-authent-issue/m-p/963065#M5413 jafrazie 2008-06-16T17:56:53Z