Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1356
Views
0
Helpful
2
Replies

Repeat authentication count on Mitel ip phones

ade5
Level 1
Level 1

‎05-28-2019 09:05 AM

Good morning,

I am hoping someone can shed me some light as to why I am seeing repeat authentication counts on Mitel ip phones in ISE. 

The Mitel ip phones are connected to switch  Cisco Catalyst 2960-24PC-L . It is repeating every minute. It is showing authentication successful via MAB however it keeps reauthentication over again. 

 

The authorization profile is not configured for reauthentication timer.

 

I am seeing the configuration below to one of the mitel connected phone.

 

configuration on the switch port it is connected:

interface FastEthernet0/19

switchport mode access

no logging event link-status

authentication event fail action next-method

authentication event server dead action authorize

authentication event server dead action authorize voice

authentication event server alive action reinitialize

authentication host-mode multi-auth

authentication open

authentication order dot1x mab

authentication priority dot1x mab

authentication port-control auto

authentication periodic

authentication timer reauthenticate server

mab

no snmp trap link-status

dot1x pae authenticator

dot1x timeout tx-period 3

no mdix auto

spanning-tree portfast

spanning-tree bpduguard enable

 

 

 

0 Helpful
2 Replies 2

Jason Kunst
Cisco Employee
Cisco Employee

‎05-28-2019 01:20 PM

Have you tried with a laptop perhaps? Is the switchport running anything else on it? Are you doing voice vlan with a PC behind it?

What other troubleshooting have you done? Might be good to open a tac case for troubleshooting as well. More info at hwo to ask the community for help at http://cs.co/ise-help
0 Helpful

yalbikaw
Cisco Employee
Cisco Employee

‎05-28-2019 02:48 PM - edited ‎05-28-2019 02:52 PM

Hello, 

 

i can see you are using authentication periodic 

please remove it if there is no need for it or tune it like below 

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a3.html#wp6785181440

 

Usage Guidelines

Use the authentication periodic command to enable automatic reauthentication on a port. To configure the interval between reauthentication attempts, use the authentication timer reauthenticate command.

Examples

The following example shows how to enable reauthentication and sets the interval to 1800 seconds:


Device(config)# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Device(config)# interface fastethernet0/2
Device(config-if)# authentication periodic 
Device(config-if)# authentication timer reauthenticate 1800

 

let me know how it goes, also check if the server dead alive is flapping or not 

since you used the timer based on server session so double check this.

 

 

 

Wishes,

 

0 Helpful
Customers Also Viewed These Support Documents