We just received Cisco 4321 and 4331 routers with 2x NIM-ES2-8-P modules installed that we planned on using to backfill older switches and routers in areas with less than 14 users. The switch ports on the modules will be used as access ports and company policy is to configure all access ports with MAB authentication for all workstations and VoIP phones. We used the configuration below on the ports, but the problem is the VoIP phones won't authenticate; the option to use dot1x host-mode multi-domain is not available (see output).

We have IP Base licenses and the securityK9 license activated, not sure if it's an IOS defect, that way on purpose, I don't have a certain license, or if I'm missing a command to activate it. Any ideas on how we can get VoIP working with this scenario?

!==== Basic interface ====

interface GigabitEthernet0/1/0
 description //Access Port//
 switchport access vlan 2
 switchport mode access
 switchport nonegotiate
 switchport voice vlan 3
 switchport priority extend trust
 no logging event link-status
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x mac-auth-bypass
 spanning-tree portfast
 spanning-tree bpduguard enable
end

!==== Missing 'multi-domain'====
Router(config-if)#dot1x host-mode ?
 multi-host Multiple Host Mode
 single-host Single Host Mode
!====

!==== aaa configs (radius server config ommited) ====
aaa new-model
!
!
aaa group server radius RAD-Servers
 server name rad2
 server name rad3
 ip radius source-interface Vlan20
!

aaa authentication dot1x default group RAD-Servers
aaa authorization network default group RAD-Servers 
aaa accounting dot1x default start-stop group RAD-Servers
!

dot1x system-auth-control