Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1251
Views
0
Helpful
0
Replies

Dot1x with Multi-Domain vs Multi-Auth

CSCO11854658
Level 1
Level 1

‎08-29-2015 07:10 AM - edited ‎03-08-2019 01:33 AM

Hello,

We had configured dot1x on ports of Switch ports with authentication host-mode multi-domain and ports were going to err-disabled mode.

This was rectified once we configured port to authentication host-mode multi-auth.

 

PC are connected through IP phones and below is switchport configuration. IP phones are profiled correctly in ISE.

switchport access vlan 200
 switchport mode access
 switchport voice vlan 1100
 ip access-group ACL-ALLOW in
 authentication event fail action next-method
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable

 

 

We would like to know why is it going to error disabled mode and how can we rectify  issue caused by using multi-domain.

This was working fine for more than three months with multi-domain and faced this issue on next day of ISE 1.4  patch update (Patch-3).

 

Switch details:

·         WS-C3750X-48P

·         IOS-C3750E-UNIVERSALK9-M

·         Version 15.0(2)SE7

 

 

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents