
802.1x and Cisco IP phones

pthaynes
Level 1

I have 802.1x configured on a Cisco 2950 switch. On ports where I have PCs plugged into the data port on the IP phones, users sometimes get placed in the guest VLAN. If they shut down their attached PC and then unplug the network cable (the one between the switch and the phone), then re-plug the cable and boot their PC, it seems to authenticate them again... sometimes. The config for the ports with phones configured is as below:

interface FastEthernet0/4
 switchport access vlan 4
 switchport mode access
 switchport voice vlan 200
 switchport port-security
 switchport port-security maximum 2
 no ip address
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x guest-vlan 3
 spanning-tree portfast

Does anyone have a possible fix or workaround?

Thanks in advance,

Peter

15 Replies

I was referring to Cisco phones. That firmware is shipping. Cisco phones have the capability of sending an EAPOL-Logoff on behalf of the PC when a PC unplugs to address your issues discussed here.

As for MSFT, there is no way to configure the supplicant (even through the registry) to send EAPOL-Logoff without losing machine-auth ability. In the upcoming Vista platform, it will not send EAPOL-Logoffs at all, due to a perceived security threat. I invite you to discuss this with MSFT further if you need details, or need EAPOL-Logoffs to be sent, etc.

Hope this helps,
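
To check from a capture on the switch port whether an EAPOL-Logoff actually arrives when a PC behind a phone disconnects, the frames can be classified by the EAPOL packet type defined in IEEE 802.1X. The following is an added example, not part of the thread or of any Cisco tooling; the MAC addresses and frames are constructed, and it assumes the logoff sent on the PC's behalf carries the PC's MAC as its source address.

```python
import struct
from collections import defaultdict

ETH_EAPOL = 0x888E   # EtherType for EAP over LAN (IEEE 802.1X)
ETH_DOT1Q = 0x8100   # 802.1Q VLAN tag
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}

def parse_eapol(frame: bytes):
    """Return (src_mac, type_name) for an EAPOL frame, or None for anything else."""
    if len(frame) < 14:
        return None
    src = frame[6:12].hex(":")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETH_DOT1Q:              # skip one VLAN tag if present
        if len(frame) < 18:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        offset = 18
    if ethertype != ETH_EAPOL or len(frame) < offset + 4:
        return None
    _version, ptype, body_len = struct.unpack_from("!BBH", frame, offset)
    if len(frame) < offset + 4 + body_len:  # truncated body: do not trust it
        return None
    return src, EAPOL_TYPES.get(ptype, f"unknown({ptype})")

def eapol_history(frames):
    """Map each source MAC to the ordered list of EAPOL packet types it sent."""
    history = defaultdict(list)
    for f in frames:
        parsed = parse_eapol(f)
        if parsed:
            history[parsed[0]].append(parsed[1])
    return dict(history)

def left_without_logoff(frames, mac):
    """True if `mac` took part in 802.1X but its last EAPOL frame is not a Logoff."""
    seen = eapol_history(frames).get(mac.lower(), [])
    return bool(seen) and seen[-1] != "EAPOL-Logoff"

def sample_frame(src, ptype, body=b"", vlan=None):
    """Build a constructed sample frame addressed to the PAE group address."""
    tag = struct.pack("!HH", ETH_DOT1Q, vlan) if vlan is not None else b""
    hdr = bytes.fromhex("0180c2000003") + bytes.fromhex(src.replace(":", "")) + tag
    return hdr + struct.pack("!HBBH", ETH_EAPOL, 1, ptype, len(body)) + body

# Constructed sample capture: a logoff is seen for PC_A, none for PC_B.
PC_A, PC_B = "00:11:22:33:44:55", "00:11:22:33:44:66"
EAP_ID = b"\x02\x01\x00\x05\x01"            # constructed EAP Response/Identity
SAMPLE = [sample_frame(PC_A, 1), sample_frame(PC_A, 0, EAP_ID), sample_frame(PC_A, 2),
          sample_frame(PC_B, 1, vlan=4), sample_frame(PC_B, 0, EAP_ID, vlan=4)]
```

A MAC for which `left_without_logoff` returns True is one whose session the switch was never told to clear, which is the situation the proxy EAPOL-Logoff from the phone is meant to address.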