Showing results for 
Search instead for 
Did you mean: 

MAB, 802.1x and ACS 4.2

Level 1
Level 1

Hi all,

Currently i'm using an ACS4.2 as radius server, some switch 2960-s ios 12.2.(55)se5, ipphone Alcatel iptouch 4018 and i would like to assign dinamic vlan to some specific users/laptop Daisy-chained to ip phone.

Logic connection is:   users laptop---->ipphone---->switch---->radius

What i need is:

if I connect MY laptop to the ipphone port, i receive a specific vlan ( vlan 58 )
if SOMEONE else ( i.e. a consultant ) connect his laptop to the SAME ipphone port (if available) he has to receive a different vlan ( vlan 1).

I've been able to reach the goal using MACRO but it tooks too much time to authenticate ( approx 1 min ) so i give up and tried a different faster  way ( 802.1x and MAB ).

i've been able to authenticate the ip-phone using 802.1x auth and to receive the correct vlan when i connect MY laptop (MAB auth)  but i was not able to provide the VLAN 1 to the Consultant when he connect his laptop even if the "authentication event fail action authorize vlan 1"  is configured.

I used the dot1x auth-fail vlan  because i'm not able to use MAB or 802.1x auth on external laptop. I also tried with guest vlan with no luck.
In both case the "consultant" remain in "auth failed"


Here my current configuration

dot1x system-auth-control
dot1x guest-vlan supplicant
identity profile default

interface GigabitEthernet1/0/1
 switchport mode access
 switchport voice vlan 30
 authentication host-mode multi-auth

authentication event fail action authorize vlan 1
 authentication order mab dot1x
 authentication port-control auto
 dot1x pae authenticator
 dot1x timeout tx-period 2
 dot1x max-reauth-req 1
 storm-control broadcast level 2.00
 storm-control multicast level 2.00
 spanning-tree portfast


On ACS side i have 2 groups

first Group authenticate the iphone and supply the voice vlan ( vlan 30)

Second Group authenticate using MAB and supply the vlan 58

is there a different way to accomplish this task?

Thank you in advance









1 Reply 1

Level 1
Level 1


any ideas?