Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
588
Views
4
Helpful
8
Replies

Authentication issue

Go to solution
ShareefKooliyodan0444
Level 1
Level 1

‎07-12-2023 02:46 AM

is there any solution to authenticate multiple mac address for voice i mean for IP phone into  the ISE . 

My switch is connected with 6 ip phones cisco 2960 , and this switch is connected to cisco other switch model C9410R-is port number and conf details as below, 

interface GigabitEthernet3/0/24
switchport mode access
dot1x timeout tx-period 7
dot1x max-reauth-req 3
source template DefaultWiredDot1xClosedAuth
spanning-tree portfast
spanning-tree bpduguard enabl

 

 

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP

‎07-12-2023 02:49 AM - edited ‎07-12-2023 02:55 AM

Multi auth what you need 

Dot1x host-mode multi auth 

This can make each mac auth MAB to ISE 

View solution in original post

Go to solution
Rob Ingram
VIP
VIP
In response to ShareefKooliyodan0444

‎07-12-2023 04:53 AM

@ShareefKooliyodan0444  Multi-auth supports 1 device in the voice domain and multiple devices in the data domain, so you cannot authenticate multiple phones to the voice domain on the same interface (if that's what you are doing).

View solution in original post

8 Replies 8

Go to solution
MHM Cisco World
VIP
VIP

‎07-12-2023 02:49 AM - edited ‎07-12-2023 02:55 AM

Multi auth what you need 

Dot1x host-mode multi auth 

This can make each mac auth MAB to ISE 

Go to solution
ShareefKooliyodan0444
Level 1
Level 1
In response to MHM Cisco World

‎07-12-2023 02:53 AM

Yes I need muti- auth for IP phones 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to ShareefKooliyodan0444

‎07-12-2023 02:54 AM

Dot1x host-mode multi auth  

This command what you need then

0 Helpful

Go to solution
ShareefKooliyodan0444
Level 1
Level 1
In response to MHM Cisco World

‎07-12-2023 03:18 AM

which cmd i should from below ?

(config-if)#dot1x host-mode ?
multi-domain Multiple Domain Mode
multi-host Multiple Host Mode
single-host Single Host Mode

 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to ShareefKooliyodan0444

‎07-12-2023 03:50 AM

this SW not support multi auth ? only these mode available?
what is SW platform and IOS ver. 
thanks 
MHM 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to ShareefKooliyodan0444

‎07-12-2023 04:53 AM

@ShareefKooliyodan0444  Multi-auth supports 1 device in the voice domain and multiple devices in the data domain, so you cannot authenticate multiple phones to the voice domain on the same interface (if that's what you are doing).

Go to solution
MHM Cisco World
VIP
VIP
In response to Rob Ingram

‎07-12-2023 09:52 AM - edited ‎07-12-2023 09:53 AM

domain is use to separate data and voice connect to same PORT
@ShareefKooliyodan0444  are you connect PC and Phone to same port ? or you connect only phone ?

multi-auth I check is default in some SW, so only NO dot1x host-mode multi-host will return port to default

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP

‎07-12-2023 05:37 AM

Are the phone ports configured to do dot1x or MAB? also, could you please share the configuration of the template "DefaultWiredDot1xClosedAuth" for review? in case you need to change the host mode you should do it from within the "DefaultWiredDot1xClosedAuth" template as you seem to be using C3PL on that switch.

0 Helpful
Customers Also Viewed These Support Documents