
dot1x mda

david.gras
Level 1

Hi,

I have to use dot1x and MDA with an NPS Windows server and a non-Cisco phone but a Cisco switch (because I have a PC connected behind a phone and both must be authenticated).

I've succeeded, as my phone and my PC connected behind the phone succeed at authentication and authorization, and a "show authentication sessions" shows me that authentication is right in domains DATA and VOICE.

But a few minutes later, there is a port violation because the phone (Yealink) tries to authenticate again and fails this time (while it had succeeded the first time...)

I really do not understand what can happen and why it's OK the first time and KO a few minutes later...

Thank you for your help!


M02@rt37
VIP

Hi @david.gras

Is the port of your Cisco switch like this?

interface GigabitEthernet1/0/XX
 description IP-PHONE&COMPUTER
 switchport access vlan 21
 switchport mode access
 switchport voice vlan 20
 authentication host-mode multi-domain
 dot1x pae authenticator
 spanning-tree portfast
 spanning-tree bpduguard enable

 [.......]

Did you check this Cisco documentation?

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/5700/sec-user-8021x-xe-3se-5700-book/sec-ieee-mda.pdf

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

R0g22
Cisco Employee
Does this happen only when the PC connected to the phone is unplugged or logged off? Try disabling CDP on this port and have LLDP only. Next, take a pcap from the switchport. It will give better insight into what is happening. Also, if you have a Cisco IP Phone, use that and see if the behaviour is the same or not.
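
One way to read the switchport capture suggested in the reply above, as an added example that is not part of the thread: it picks the 802.1X (EAPOL, EtherType 0x888E) frames out of a capture and lists, per supplicant MAC, when authentication was started and how it ended, so a second attempt by the phone and its failure show up with timestamps. It assumes the frames have already been exported from the pcap as (timestamp, raw Ethernet bytes) pairs and that the switch sends EAP-Success/Failure to the supplicant's unicast MAC; the MAC addresses and timestamps in `SAMPLE` are constructed.

```python
import struct
from collections import defaultdict

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eapol(frame):
    """Return (src_mac, dst_mac, label) for an 802.1X frame, else None."""
    if len(frame) < 18:
        return None
    dst, src = frame[0:6], frame[6:12]
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100:  # skip one 802.1Q tag (e.g. voice VLAN tagging)
        ethertype, off = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x888E or len(frame) < off + 4:
        return None
    _ver, ptype, plen = struct.unpack("!BBH", frame[off:off + 4])
    label = EAPOL_TYPES.get(ptype, f"type-{ptype}")
    body = frame[off + 4:off + 4 + plen]
    if ptype == 0 and len(body) >= 4:  # EAP header: code, id, length
        label = "EAP-" + EAP_CODES.get(body[0], f"code-{body[0]}")
    return src.hex(":"), dst.hex(":"), label

def events_per_supplicant(frames):
    """frames: iterable of (timestamp, bytes) -> {supplicant MAC: [(ts, event)]}."""
    out = defaultdict(list)
    for ts, raw in frames:
        parsed = parse_eapol(raw)
        if parsed is None:
            continue
        src, dst, label = parsed
        if label in ("EAPOL-Start", "EAPOL-Logoff"):
            out[src].append((ts, label))  # sent by the supplicant
        elif label in ("EAP-Success", "EAP-Failure"):
            out[dst].append((ts, label))  # assumption: switch replies to unicast MAC
    return dict(out)

# Constructed sample: PHONE and SWITCH are made-up MACs, timestamps in seconds.
PHONE, SWITCH = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
PAE = bytes.fromhex("0180c2000003")  # 802.1X PAE group address
def eapol(dst, src, ptype, body=b""):
    return dst + src + b"\x88\x8e" + struct.pack("!BBH", 1, ptype, len(body)) + body
SAMPLE = [
    (0.0, eapol(PAE, PHONE, 1)),                            # EAPOL-Start
    (0.4, eapol(PHONE, SWITCH, 0, b"\x03\x05\x00\x04")),    # EAP-Success
    (300.0, eapol(PAE, PHONE, 1)),                          # phone starts again
    (300.6, eapol(PHONE, SWITCH, 0, b"\x04\x06\x00\x04")),  # EAP-Failure
]
```

Calling `events_per_supplicant(SAMPLE)` gives the phone's timeline; in a real capture, comparing the gap between a Success and the next Start against the configured timers shows whether the second attempt is periodic or triggered by something else on the port.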
