cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1341
Views
10
Helpful
26
Replies

IP Phone Mac Authentication on Cisco Switches

Hello, 

i recently joined company and i found point that i want to clear out , our setup is like Cisco Switches enabled with Dot1x, MAB,  Clear pass being used as AAA Server, my Question is that whenever i check any interface i don't see any authentication session for IP-phones and they are working very fine even though ports are enabled with dot1x and MAB Authentication.

another point is that i always see the IP phones mac address learned as Static which is something would be fine if they being authenticated but i dont see any authentication sessions for them, please if someone can help on explaining this behavior.

Note: 

below is the MAC address output for single Interface:

#sh mac address-table  int g 2/0/18 
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  76    6879.092c.3d58    STATIC      Gi2/0/18 

 

Below is the Interface Configuration:-

switchport access vlan 15
switchport mode access
switchport voice vlan 76
authentication host-mode multi-host
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
mab
dot1x pae authenticator
dot1x timeout tx-period 60
dot1x max-reauth-req 10
spanning-tree portfast
spanning-tree bpduguard enable
end

1 Accepted Solution

Accepted Solutions

Hello @aliwadmedaniadclick ,

>> Oper host mode: multi-host

This is the key point with multi host only host on the Port performs the authentication and all other devices will use this session.

>> authentication host-mode multi-host

Hope to help

Giuseppe

 

View solution in original post