cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco announces new innovations in SD-WAN, ISRs, SD-WAN Services, and Catalyst 9000 Series switches


117
Views
0
Helpful
0
Replies
Highlighted
Beginner

dot1x host-mode multi-domain not available

We just received Cisco 4321 and 4331 routers with 2x NIM-ES2-8-P modules installed that we planned on using to backfill older switches and routers in areas with less than 14 users. The switch ports on the modules will be used as access ports and company policy is to configure all access ports with MAB authentication for all workstations and VoIP phones. We used the configuration below on the ports, but the problem is the VoIP phones won't authenticate; the option to use dot1x host-mode multi-domain is not available (see output).

We have IP Base licenses and the securityK9 license activated, not sure if it's an IOS defect, that way on purpose, I don't have a certain license, or if I'm missing a command to activate it. Any ideas on how we can get VoIP working with this scenario?

 

!==== Basic interface ====

interface GigabitEthernet0/1/0
description //Access Port//
switchport access vlan 2
switchport mode access
switchport nonegotiate
switchport voice vlan 3
switchport priority extend trust
no logging event link-status
dot1x pae authenticator
dot1x port-control auto
dot1x host-mode multi-host
dot1x mac-auth-bypass
spanning-tree portfast
spanning-tree bpduguard enable
end

!==== Missing 'multi-domain'====
Router(config-if)#dot1x host-mode ?
multi-host Multiple Host Mode
single-host Single Host Mode
!====

!==== aaa configs (radius server config ommited) ====
aaa new-model
!
!
aaa group server radius RAD-Servers
server name rad2
server name rad3
ip radius source-interface Vlan20
!

aaa authentication dot1x default group RAD-Servers
aaa authorization network default group RAD-Servers
aaa accounting dot1x default start-stop group RAD-Servers
!

dot1x system-auth-control
CreatePlease to create content
Content for Community-Ad
Ask the Expert- DMVPN on Cisco routers