07-12-2012 07:05 AM - edited 03-10-2019 07:17 PM
Hello again
One problem is solved, but another problem has come.
I use the MDA Mode. And if the radius is not available, the voice and data device will placed in the data domain.
A security voliation blocked the port after: SECURITY_VIOLATION: Security violation on the interface FastEthernet0/1, new MAC address...
What can I do? Only the data device should placed in the critical VLAN.The voice device should not move in any vlan, when this szenario ocur.
I use IOS 12.2.(55)SE1.
Here a short excert of the configuration:
interface FastEthernet0/1
switchport mode access
switchport voice vlan 2
authentication event server dead action authorize vlan 3
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication port-control auto
dot1x pae authenticator
Thanks for any help.
Marco Serato
07-12-2012 07:11 AM
Marco,
A new feature which is the critical voice vlan feature is out to support this:
Here is the command you need to run based off the configuration guide:
authentication event server dead action authorize voice
Thanks,
Tarik Admani
07-12-2012 07:18 AM
I have read this article. But the command does not work in my IOS. This command is for Cisco IOS Release 15.2M&T. I typed this command on the interface, is this right?
Authenticator(config-if)#$ion event server dead action authorize voice
authentication event server dead action authorize voice (unter vo is the '^'. It seems he doesn´t know voice )
^
% Invalid input detected at '^' marker.
07-12-2012 07:29 AM
Marco,
This is the same switch which is running 12.2(55)SE also what model switch is this?
Thanks,
Tarik Admani
07-12-2012 07:38 AM
It is a Catalyst 2960.
Marco Serato
07-12-2012 08:43 AM
Can you paste the show version output for me?
Thanks,
Tarik Admani
07-12-2012 08:52 AM
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 02-Dec-10 08:16 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x01800000
ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)
Authenticator uptime is 2 days, 4 hours, 29 minutes
System returned to ROM by power-on
System image file is "flash:/c2960-lanbasek9-mz.122-55.SE1.bin"
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 26 WS-C2960-24TT-L 12.2(55)SE1 C2960-LANBASEK9-M
07-12-2012 09:01 AM
Marco,
I also see the same issue you are seeing and I am running 12.2(58)SE on a 2960S. Give me some time to see what I can find, if you need immediate assistance I would suggest opening a tac case and posting what the resolution steps are.
thanks,
tarik Admani
07-12-2012 11:34 AM
If the problem can be solved by next week, that will be fine.
Thanks for their help.
Best regards Marco
07-23-2012 05:27 AM
Hello Tarik Admani, are there some new information about the problem?
Best regards Marco
07-23-2012 08:21 AM
Marco,
Please open a TAC case and see if an engineer can help you, either there is a bug in the documentation or there is a bug in this version of code. Once you get an answer please share with this forum.
Thanks,
Tarik Admani
*Please rate helpful posts*
07-23-2012 01:04 PM
I have not the right to open a TAC. Can you open a ticket, please?
Best regards Marco
07-23-2012 03:00 PM
I dont work for Cisco, so i dont have the ability to do so. However please contact your partner, or Cisco account rep so they can get you the proper support for this.
Thanks,
Tarik Admani
*Please rate helpful posts*
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide