
Critical Authentication VLAN: MDA Mode

Hello again

One problem is solved, but another problem has come up.

I use MDA mode. If RADIUS is not available, the voice and data devices will be placed in the data domain.

A security violation blocked the port after: SECURITY_VIOLATION: Security violation on the interface FastEthernet0/1, new MAC address...

What can I do? Only the data device should be placed in the critical VLAN. The voice device should not move into any VLAN when this scenario occurs.

I use IOS 12.2(55)SE1.

Here is a short excerpt of the configuration:

interface FastEthernet0/1
 switchport mode access
 switchport voice vlan 2
 authentication event server dead action authorize vlan 3
 authentication event server alive action reinitialize
 authentication host-mode multi-domain
 authentication port-control auto
 dot1x pae authenticator

Thanks for any help.

Marco Serato

Advocate

Critical Authentication VLAN: MDA Mode

Marco,

A new feature which is the critical voice vlan feature is out to support this:

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_8021x/configuration/15-2mt/crit-vce-vlan-supp.html

Here is the command you need to run based off the configuration guide:

authentication event server dead action authorize voice

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1547387

Thanks,

Tarik Admani

Beginner

Re: Critical Authentication VLAN: MDA Mode

I have read this article. But the command does not work in my IOS. This command is for Cisco IOS Release 15.2M&T. I typed this command on the interface, is this right?

Authenticator(config-if)#$ion event server dead action authorize voice

authentication event server dead action authorize voice (under "vo" is the '^'. It seems it doesn't know voice.)

                                                                         ^                                              

% Invalid input detected at '^' marker.

Advocate

Critical Authentication VLAN: MDA Mode

Marco,

This is the same switch which is running 12.2(55)SE? Also, what model switch is this?

Thanks,

Tarik Admani

Beginner

Critical Authentication VLAN: MDA Mode

It is a Catalyst 2960.

Marco Serato

Advocate

Critical Authentication VLAN: MDA Mode

Can you paste the show version output for me?

Thanks,

Tarik Admani

Beginner

Critical Authentication VLAN: MDA Mode

Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 02-Dec-10 08:16 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x01800000

ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

Authenticator uptime is 2 days, 4 hours, 29 minutes
System returned to ROM by power-on
System image file is "flash:/c2960-lanbasek9-mz.122-55.SE1.bin"

Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    1 26    WS-C2960-24TT-L    12.2(55)SE1           C2960-LANBASEK9-M

Advocate

Critical Authentication VLAN: MDA Mode

Marco,

I also see the same issue you are seeing, and I am running 12.2(58)SE on a 2960S. Give me some time to see what I can find. If you need immediate assistance, I would suggest opening a TAC case and posting what the resolution steps are.

Thanks,

Tarik Admani

Beginner

Critical Authentication VLAN: MDA Mode

If the problem can be solved by next week, that will be fine.

Thanks for your help.

Best regards Marco

Beginner

Critical Authentication VLAN: MDA Mode

Hello Tarik Admani, is there any new information about the problem?

Best regards Marco

Advocate

Critical Authentication VLAN: MDA Mode

Marco,

Please open a TAC case and see if an engineer can help you. Either there is a bug in the documentation or there is a bug in this version of code. Once you get an answer, please share it with this forum.

Thanks,

Tarik Admani
*Please rate helpful posts*

Beginner

Critical Authentication VLAN: MDA Mode

I do not have the right to open a TAC case. Can you open a ticket, please?

Best regards Marco

Advocate

Critical Authentication VLAN: MDA Mode

I don't work for Cisco, so I don't have the ability to do so. However, please contact your partner or Cisco account rep so they can get you the proper support for this.

Thanks,

Tarik Admani
*Please rate helpful posts*
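
The condition discussed in this thread can be checked offline in a saved running-config. The following Python audit is an added example, not part of the thread or of Cisco's documentation: it lists multi-domain ports that have a voice VLAN and a critical data VLAN but lack the `authentication event server dead action authorize voice` command. The sample config is constructed (Fa0/1 copies the port posted above; the other ports and the function names are hypothetical).

```python
import re

# Constructed sample: Fa0/1 is the thread's port; Fa0/2 and Fa0/3 are hypothetical.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport voice vlan 2
 authentication event server dead action authorize vlan 3
 authentication event server alive action reinitialize
 authentication host-mode multi-domain
 authentication port-control auto
 dot1x pae authenticator
!
interface FastEthernet0/2
 switchport voice vlan 2
 authentication event server dead action authorize vlan 3
 authentication event server dead action authorize voice
 authentication host-mode multi-domain
!
interface FastEthernet0/3
 authentication event server dead action authorize vlan 3
"""

DEAD_VLAN = re.compile(r"authentication event server dead action authorize vlan (\d+)")
DEAD_VOICE = "authentication event server dead action authorize voice"

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = interfaces.setdefault(raw.split(None, 1)[1].strip(), [])
        elif raw[:1].isspace() and raw.strip() and current is not None:
            current.append(raw.strip())
        elif raw.strip():
            current = None  # "!" or a global command closes the interface block
    return interfaces

def audit_critical_voice(config):
    """Find MDA ports with a voice VLAN and critical data VLAN but no critical voice VLAN."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        dead = [int(m.group(1)) for c in cmds if (m := DEAD_VLAN.fullmatch(c))]
        if ("authentication host-mode multi-domain" in cmds and dead
                and any(c.startswith("switchport voice vlan ") for c in cmds)
                and DEAD_VOICE not in cmds):
            findings.append((name, dead[0]))
    return findings

print(audit_critical_voice(SAMPLE_CONFIG))
```

Each finding is a port name with its critical data VLAN. As the thread shows, whether the voice command is accepted depends on the platform and IOS release, so a finding may call for a software upgrade rather than a one-line change.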