My test setup consists of an HP laptop and docking station, connected to a Cisco 7975 IP phone, connected to a 4510 switch.
The phone authenticates using MAB
PC/Laptops using Dot1x
ACS 5.4.0
When I dock and power up, the laptop connects fine with Dot1x. it uses PEAP and authenticates against AD with my Computer name and Username.
This works perfect
When I dock after being undocked for a while it wants to authenticate my laptop with it's MAC address and use "lookup"
then fails and moves to vlan 502
I have tried many combinations with my port config and no luck.
Below is my port config
interface GigabitEthernet1/12
switchport access vlan 5xx
switchport mode access
switchport voice vlan 5xx
ip arp inspection limit rate 75 burst interval 3
authentication event fail action authorize vlan 502
authentication event no-response action authorize vlan 502
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
qos trust device cisco-phone
spanning-tree portfast
service-policy input CISCO-IPPHONE
ip dhcp snooping limit rate 50
end
