Hello,
i recently joined company and i found point that i want to clear out , our setup is like Cisco Switches enabled with Dot1x, MAB, Clear pass being used as AAA Server, my Question is that whenever i check any interface i don't see any authentication session for IP-phones and they are working very fine even though ports are enabled with dot1x and MAB Authentication.
another point is that i always see the IP phones mac address learned as Static which is something would be fine if they being authenticated but i dont see any authentication sessions for them, please if someone can help on explaining this behavior.
Note:
below is the MAC address output for single Interface:
#sh mac address-table int g 2/0/18
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
76 6879.092c.3d58 STATIC Gi2/0/18
Below is the Interface Configuration:-
switchport access vlan 15
switchport mode access
switchport voice vlan 76
authentication host-mode multi-host
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
mab
dot1x pae authenticator
dot1x timeout tx-period 60
dot1x max-reauth-req 10
spanning-tree portfast
spanning-tree bpduguard enable
end