Voice Vlan authentication host-mode multi-auth vs multi-host
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-25-2024 11:58 AM
I have a weird issue relating to 802.1x. For 3 yrs now we have had 802.1x working with port set to authentication host-mode multi-auth. Last week, our phones stopped being placed on Voice VLAN 40 & get placed on VLAN 1. If I change the 802.1x port to authentication host-mode multi-host the phone gets placed on Voice VLAN 40??? Has anyone seen this before? It has been set up like this for years. We are using CLEARPASS radius servers in the cloud. It is just weird.
- Labels:
-
LAN Switching
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-25-2024 12:05 PM
Can I see SW config
MHM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-25-2024 12:12 PM
I have attached the config. This is happening to all our Cisco Switches. I am not sure why. This isn't a new configuration.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-25-2024 12:23 PM
Attached is a sh MAC Address-Table. All the ones connected to VLAN 40 have Multi-Host authentication. All the rest have multi-auth on the port.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-25-2024 12:34 PM
Can I see also
show authc session interface x/x detail
MHM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-26-2024 10:44 AM
You want this from a port that is failing?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-26-2024 10:52 AM
Yes please
MHM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-26-2024 09:33 AM
Chnage the authentication mode to multi-domain. here is the command.
int g0/1
authentication host-mode multi-domain
multi-domain: Only 1 mac address can be in DATA domain and only 1 mac address can be in VOICE domain
there is no need to put "switchport port-security maximum 2" as the multi-domain allows two devices, Data and Voice.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-26-2024 10:42 AM
I know that Multi-Domain works. I need to figure out why multi-auth stopped working.
