
Critical Authentication VLAN: MDA Mode

Marco Serato
Level 1

Hello again,

One problem is solved, but another problem has come up.

I use MDA mode. If RADIUS is not available, the voice and data device will be placed in the data domain.

A security violation blocked the port after: SECURITY_VIOLATION: Security violation on the interface FastEthernet0/1, new MAC address...

What can I do? Only the data device should be placed in the critical VLAN. The voice device should not move into any VLAN when this scenario occurs.

I use IOS 12.2(55)SE1.

Here is a short excerpt of the configuration:

interface FastEthernet0/1
 switchport mode access
 switchport voice vlan 2
 authentication event server dead action authorize vlan 3
 authentication event server alive action reinitialize
 authentication host-mode multi-domain
 authentication port-control auto
 dot1x pae authenticator

Thanks for any help.

Marco Serato

12 Replies

Tarik Admani
VIP Alumni

Marco,

A new feature, the critical voice VLAN feature, is out to support this:

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_8021x/configuration/15-2mt/crit-vce-vlan-supp.html

Here is the command you need to run based off the configuration guide:

authentication event server dead action authorize voice

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1547387

Thanks,

Tarik Admani

I have read this article. But the command does not work in my IOS. This command is for Cisco IOS Release 15.2M&T. I typed this command on the interface, is this right?

Authenticator(config-if)#$ion event server dead action authorize voice
                                                                 ^
% Invalid input detected at '^' marker.

authentication event server dead action authorize voice (the '^' is under "vo". It seems it doesn't know "voice".)

Marco,

This is the same switch which is running 12.2(55)SE? Also, what model switch is this?

Thanks,

Tarik Admani

It is a Catalyst 2960.

Marco Serato

Can you paste the show version output for me?

Thanks,

Tarik Admani

Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 02-Dec-10 08:16 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x01800000

ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

Authenticator uptime is 2 days, 4 hours, 29 minutes
System returned to ROM by power-on
System image file is "flash:/c2960-lanbasek9-mz.122-55.SE1.bin"

Switch Ports Model             SW Version            SW Image
------ ----- -----             ----------            ----------
*    1 26    WS-C2960-24TT-L   12.2(55)SE1           C2960-LANBASEK9-M

Marco,

I also see the same issue you are seeing, and I am running 12.2(58)SE on a 2960S. Give me some time to see what I can find. If you need immediate assistance, I would suggest opening a TAC case and posting what the resolution steps are.

Thanks,

Tarik Admani

If the problem can be solved by next week, that will be fine.

Thanks for your help.

Best regards Marco

Hello Tarik Admani, is there any new information about the problem?

Best regards Marco

Marco,

Please open a TAC case and see if an engineer can help you. Either there is a bug in the documentation or there is a bug in this version of code. Once you get an answer, please share it with this forum.

Thanks,

Tarik Admani
*Please rate helpful posts*

I do not have the right to open a TAC. Can you open a ticket, please?

Best regards Marco

I don't work for Cisco, so I don't have the ability to do so. However, please contact your partner or Cisco account rep so they can get you the proper support for this.

Thanks,

Tarik Admani
*Please rate helpful posts*