02-27-2019 11:10 PM
Hi,
I have laptop connected behind IP phone, and problem is, when laptop disconnects from LAN, port still remains authenticated. On PCs I use dot1x and on IP phones MAB, so host-mod is configured to multi-domain. Is there any solution how to prevent this issue? Or is it normal behavior?
if I issue command when laptop is removed from port:
Gi2/0/8 8c16.4531.b482 dot1x DATA Authz Success ID 0A0164020000143CAA1D96CB
Gi2/0/8 70ca.9b9f.45a0 mab VOICE Authz Success ID 0A0164020000143DAA1DA297
port config
interface GigabitEthernet2/0/8
switchport access vlan 10
switchport mode access
switchport nonegotiate
switchport voice vlan 30
switchport port-security maximum 10
switchport port-security aging time 1
srr-queue bandwidth share 1 30 35 5
queue-set 2
priority-queue out
authentication host-mode multi-domain
authentication order dot1x mab
authentication port-control auto
mab
mls qos trust cos
dot1x pae authenticator
dot1x timeout tx-period 5
dot1x max-reauth-req 3
auto qos trust
spanning-tree portfast
spanning-tree bpduguard disable
ip dhcp snooping limit rate 50
02-28-2019 02:55 AM
02-28-2019 03:10 AM
Hi,
Would you please share the IOS code and platform?
02-28-2019 03:18 AM
PS is disabled, correct me if Im wrong
additional info about HW:
Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 05-May-11 16:56 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x01B00000
cisco WS-C2960S-48FPS-L
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide