Core issue
The Multi-Domain Authentication (MDA) provides enhanced security for IP phone deployments. This allows an IP phone, either a Cisco or a third-party phone, and a single host behind the IP phone to independently authenticate with 802.1x.
What is 802.1x?
- 802.1x is an IEEE standard for wireless networks. 802.1x is different than 802.11
- The 802.1x standard enables an effective framework for authenticating and controlling user traffic to a protected network. 802.1x allows wireless services to have centralized authentication of wireless users or stations. 802.1x ties a protocol called Extensible Authentication Protocol (EAP) to the wireless local area network (WLAN) media.
Resolution
The MDA is currently not supported on the Catalyst 4500 platform. This feature is only available on the 3560/3750 switches at this time with Cisco IOS Software Release 12.2(35)SE.
The Catalyst 4500 supports this feature in the future Cisco IOS Software Release 12.2(37)SG.
In order to configure the MDA on the Catalyst 3560 switch with Cisco IOS Software Release 12.2.35 SE, refer to this configuration example:
Switch(config)#interface gigabitethernet0/1
Switch(config-if)#dot1x port-control auto
Switch(config-if)#dot1x host-mode multi-domain
Switch(config-if)#switchport voice vlan 101
Switch(config-if)#end
Refer to the Using Multidomain Authentication section of Configuring IEEE 802.1x Port-Based Authentication for more information.