11-13-2017 05:00 AM - edited 02-21-2020 10:38 AM
Hi everyone,
I have a Cisco 2960 switch with 2 VLANs:
vlan 195 : DATA : From f0/1 to f0/24
vlan 14 : VOICE : From f0/1 to f0/24
I configured the switch as below:
enable
config terminal
no ip domain lookup
lin con 0
 logg syn
 exit
logging console information
####### 802.1x and MAB #######
aaa new-model
aaa authentication dot1x default group radius
aaa authorization exec default local
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa session-id common
aaa accounting update periodic 5
radius-server host 10.145.220.19 auth-port 1812 acct-port 1813 key abcd2314
radius-server dead-criteria time 30 tries 3
radius-server vsa send authentication
radius-server vsa send accounting
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
int vlan 195
 ip add 10.145.195.245 255.255.255.0
 ip helper-address 10.145.195.1
 exit
ip radius source-interface vlan 195
aaa server radius dynamic-author
 client 10.145.220.19 server-key abcd2314
 exit
access-list 10 permit host 10.145.220.19
access-list 10 deny any log
ip access-list ext ACL_DEFAULT
 permit udp any eq bootpc any eq bootps
 permit udp any any eq domain
 permit icmp any any
 permit udp any any eq tftp
 permit ip any host 10.145.220.19
 deny ip any any log
 exit
dot1x system-auth-control
ip device tracking
int range f0/1-6
 switchport host
 switchport acc vlan 195
 switchport voice vlan 14
 ip access-group ACL_DEFAULT in
 spanning-tree portfast
 spanning-tree bpduguard ena
 authentication priority dot1x mab
 authentication order dot1x mab
 authentication event fail action next-method
 authentication host-mode multi-auth
 authentication violation restrict
 dot1x pae authenticator
 mab
 dot1x timeout tx-period 10
 authentication port-control auto
 exit
When I connect a laptop to the switch and try to authenticate and authorize by MAB (802.1X disabled on the interface) and by dot1x, it all works well. When I connect an IP phone to the switch, it authenticates and authorizes successfully but still can't receive an IP. When I use the command "show authentication session interface f0/5", the domain is DATA, not VOICE, and the IP that the IP phone receives belongs to vlan 195, and it just shows up on the switch. On the IP phone, it receives the right vlan: 14, but doesn't receive for vlan 14. The log is below:
PP.L1.SW01(config)#do sho auth sess int f0/5
            Interface:  FastEthernet0/5
          MAC Address:  0007.3b93.92fc
           IP Address:  10.145.195.173
            User-Name:  00-07-3B-93-92-FC
               Status:  Authz Success
               Domain:  DATA
       Oper host mode:  multi-auth
     Oper control dir:  both
        Authorized By:  Authentication Server
          Vlan Policy:  N/A
      Session timeout:  N/A
         Idle timeout:  N/A
    Common Session ID:  0A91C3F50000007801618844
      Acct Session ID:  0x00000062
               Handle:  0x1C000079

Runnable methods list:
       Method   State
       dot1x    Failed over
       mab      Authc Success

PP.L1.SW01(config)#do sho vla

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
14   PP.VOICE.LAN                     active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
195  PP.2F-IT.LAN                     active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
311  PP.GF.MF.1F.LAN                  active

PP.L1.SW01#sho mac address-table interface f0/5
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 195    0007.3b93.92fc    DYNAMIC     Drop
Total Mac Addresses for this criterion: 1
Hope anyone has dealt with this problem before.
Many thanks
09-29-2018 12:48 AM
Hi,
Can you provide the authorization profile that you are using for the IP phone?
Please make sure voice permission is checked on the authorization profile that you are using for the IP phone.
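Added example, not part of either post above: a small check that parses `show authentication sessions interface` output and reports phones authorized outside the VOICE domain, the symptom seen in this thread. The phone MAC inventory and the second (laptop) session are assumptions made for illustration; the voice permission setting corresponds to the RADIUS Access-Accept carrying the Cisco AV pair `device-traffic-class=voice`.

```python
import re

# Constructed sample modelled on the output posted above; the second
# session (a laptop) is made up to show a multi-auth port with two hosts.
SAMPLE = """\
            Interface:  FastEthernet0/5
          MAC Address:  0007.3b93.92fc
           IP Address:  10.145.195.173
               Status:  Authz Success
               Domain:  DATA
----------------------------------------
            Interface:  FastEthernet0/5
          MAC Address:  0011.2233.4455
               Status:  Authz Success
               Domain:  DATA
"""

# Assumption: an inventory of MAC addresses known to be IP phones.
PHONE_MACS = {"0007.3b93.92fc"}

def parse_sessions(text):
    """Collect 'Key: Value' lines into one dict per session."""
    sessions = []
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][A-Za-z \-]*?):\s+(.*\S)\s*$", line)
        if not m:
            continue  # separators, method table rows, blank lines
        key, value = m.group(1).strip(), m.group(2)
        if key == "Interface":
            sessions.append({})  # every session block starts with Interface
        if sessions:
            sessions[-1][key] = value
    return sessions

def phones_in_wrong_domain(text, phone_macs):
    """Return (interface, mac, domain) for authorized phones not in VOICE."""
    findings = []
    for s in parse_sessions(text):
        mac = s.get("MAC Address", "").lower()
        if (mac in phone_macs and s.get("Status") == "Authz Success"
                and s.get("Domain") != "VOICE"):
            findings.append((s["Interface"], mac, s.get("Domain")))
    return findings

if __name__ == "__main__":
    for intf, mac, dom in phones_in_wrong_domain(SAMPLE, PHONE_MACS):
        print(f"{intf}: phone {mac} authorized in {dom}; check that the "
              "RADIUS profile returns device-traffic-class=voice")
```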