
dot1x mda

david.gras
Level 1

Hi,

I have to use dot1x and MDA with an NPS Windows server and a non-Cisco phone but a Cisco switch (because I have a PC connected behind a phone and both must be authenticated).

I've succeeded, as my phone and my PC connected behind the phone succeed at authentication and authorization, and a "show authentication sessions" shows me that authentication is right in domains DATA and VOICE.

But a few minutes later, there is a port violation because the phone (Yealink) tries to authenticate again and fails this time (while it had succeeded the first time...).

I really do not understand what can happen and why it's OK the first time and KO a few minutes later...

 

Thank you for your help!


M02@rt37
VIP

Hi @david.gras

 

Is the port of your Cisco switch like this?

interface GigabitEthernet1/0/XX
 description IP-PHONE&COMPUTER
 switchport access vlan 21
 switchport mode access
 switchport voice vlan 20
 authentication host-mode multi-domain
 dot1x pae authenticator
 spanning-tree portfast
 spanning-tree bpduguard enable

 [.......]

 

Did you check this Cisco documentation?

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/5700/sec-user-8021x-xe-3se-5700-book/sec-ieee-mda.pdf

 

 

 

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

R0g22
Cisco Employee
Does this happen only when the PC connected to the phone is unplugged or logged off? Try disabling CDP on this port and have LLDP only. Next, take a pcap from the switchport. It will give better insight into what is happening. Also, if you have a Cisco IP Phone, use that and see if the behaviour is the same or not.