Hello, 

I am trying to implement MAB on cisco C2960 switch with NPS as Radius server, but phones are not registering in VOICE VLAN. Instead they are automatically placed in DATA vlan, even though I have "switchport voice vlan 20" configured. These are  GRANDSTREAM IP phones.

NPS server is configured with: cisco AV pair: device-traffic-class=voice as well as with  Tunnel-Pvt-Group-ID=20.

I can't seem to figure out how to place the phone in correct VLAN. I tried numerous different approaches but still nothing.
Any help would be much appreciated !!

Here is the configuration:

show auth sessions int fa0/17
Interface: FastEthernet0/17
MAC Address: 000b.8273.af53
IP Address: Unknown
User-Name: 000b8273af53
Status: Authz Success
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: N/A
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A2636020000002D0055D7A1
Acct Session ID: 0x0000002F
Handle: 0x7300002E

Runnable methods list:
Method State
mab Authc Success

interface FastEthernet0/17
switchport access vlan 40
switchport mode access
switchport voice vlan 20
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
load-interval 60
authentication host-mode multi-domain
authentication port-control auto
authentication timer restart 30
authentication violation restrict
mab
no snmp trap link-status
dot1x pae authenticator
spanning-tree portfast

------------------------------------------------------------

show mac add int fa0/17
Mac Address Table
-------------------------------------------

Vlan          Mac Address          Type      Ports
----            -----------      --------           -----
20    000b.8273.af53    DYNAMIC      Drop
40    000b.8273.af53    STATIC           Fa0/17

Total Mac Addresses for this criterion: 2

------------------------------------------------------------------