06-19-2010 07:14 PM - edited 03-09-2019 11:02 PM
I have configured MAB (MAC Authentication Bypass) with MDA (Multi Domain Access). All devices are successfully authenticating with their respective VLAN. MAB devices got authenticating as Voice.
I am using ACS (Radius) for authentication and DHCP relay.
Problem is voice device is not getting IP from DHCP server. There is no error reporting on switch and radius. Without Dot1x everything is working.
switchport access vlan 105
switchport mode access
switchport voice vlan 108
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
dot1x mac-auth-bypass eap
dot1x pae authenticator
dot1x port-control auto
dot1x host-mode multi-domain
dot1x max-req 1
dot1x guest-vlan 105
spanning-tree portfast
spanning-tree bpduguard enable
ip verify source
06-19-2010 08:54 PM
Zubair,
Can you please furnish a sh ver and a sh runn from the switch? What version of ACS are you using? Are you sending back any attributes back for the phone?
Faisal
06-19-2010 11:57 PM
we are using 3 Layer model (Core, Distribution & Access) and all VLAN interfaces are on distribution.
I am passing av-pair value device-traffic-class=voice from ACS
We are using ACS 4.1 for windows and ACS is successfully authenticating both devices.
Even show Dot1x Interface shows proper authentication with proper domain
06-20-2010 10:18 AM
Zubair,
Please disable port-security and try again.
HTH,
Faisal
06-20-2010 09:08 PM
06-22-2010 06:59 AM
Zubair,
Interesting. Have you given LLDP a shot yet with your phones? What sort of phones are you using?
Faisal
06-22-2010 07:35 AM
Dear Faisal,
I am using Siemens OptiPoint and I think that is not supporting CDP/LLDP.
Regards,
Zubair
06-22-2010 02:13 PM
Zubair,
Last thing I'd ask you to try is to remove the ip source verify and port-security commands both, and test.
If that doesn't fly then open a TAC case.
Thanks,
Faisal
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide