Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
918
Views
0
Helpful
3
Replies

port remains authenticated 802.1x

vlad09
Level 1
Level 1

‎02-27-2019 11:10 PM

Hi,

 

I have laptop connected behind IP phone, and problem is, when laptop disconnects from LAN, port still remains authenticated. On PCs I use dot1x and on IP phones MAB, so host-mod is configured to multi-domain. Is there any solution how to prevent this issue? Or is it normal behavior?

if I issue command when laptop is removed from port:

Gi2/0/8 8c16.4531.b482 dot1x DATA Authz Success ID 0A0164020000143CAA1D96CB
Gi2/0/8 70ca.9b9f.45a0 mab VOICE Authz Success ID 0A0164020000143DAA1DA297

 

port config

interface GigabitEthernet2/0/8
switchport access vlan 10
switchport mode access
switchport nonegotiate
switchport voice vlan 30
switchport port-security maximum 10
switchport port-security aging time 1
srr-queue bandwidth share 1 30 35 5
queue-set 2
priority-queue out
authentication host-mode multi-domain
authentication order dot1x mab
authentication port-control auto
mab
mls qos trust cos
dot1x pae authenticator
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust
spanning-tree portfast
spanning-tree bpduguard disable
ip dhcp snooping limit rate 50

Labels:
0 Helpful
3 Replies 3

Mark Malone
VIP Alumni
VIP Alumni

‎02-28-2019 02:55 AM

Hi
You shouldnt use PS with MAB its bad practice can cause issue with authentications as there both doing it , screws voice for sure happened to us they constantly kept re-authenticating phones , TAC sent me a doc trying to find it now but it states it in that 1 line somewhere , had to globally remove PS after ISE/NAC rollout
0 Helpful

MUHAMMAD TAYYAB MUNIR
Level 1
Level 1

‎02-28-2019 03:10 AM

Hi,

 

Would you please share the IOS code and platform?

*** Please rate all helpful responses and mark solutions***
0 Helpful

vlad09
Level 1
Level 1
In response to MUHAMMAD TAYYAB MUNIR

‎02-28-2019 03:18 AM

PS is disabled, correct me if Im wrong

 

additional info about HW:

Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 05-May-11 16:56 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x01B00000

cisco WS-C2960S-48FPS-L

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card