Voice Vlan authentication host-mode multi-auth vs multi-host

Jeffery-Porter · ‎11-25-2024

I have a weird issue relating to 802.1x. For 3 yrs now we have had 802.1x working with port set to authentication host-mode multi-auth. Last week, our phones stopped being placed on Voice VLAN 40 & get placed on VLAN 1. If I change the 802.1x port to authentication host-mode multi-host the phone gets placed on Voice VLAN 40??? Has anyone seen this before? It has been set up like this for years. We are using CLEARPASS radius servers in the cloud. It is just weird.

MHM Cisco World · ‎11-25-2024

Can I see SW config

MHM

Jeffery-Porter · ‎11-25-2024

I have attached the config. This is happening to all our Cisco Switches. I am not sure why. This isn't a new configuration.

Jeffery-Porter · ‎11-25-2024

Attached is a sh MAC Address-Table. All the ones connected to VLAN 40 have Multi-Host authentication. All the rest have multi-auth on the port.

MHM Cisco World · ‎11-25-2024

Can I see also
show authc session interface x/x detail

MHM

Jeffery-Porter · ‎11-26-2024

You want this from a port that is failing?

MHM Cisco World · ‎11-26-2024

Yes please

MHM

Tiroyaone72926925 · ‎11-26-2024

Chnage the authentication mode to multi-domain. here is the command.

int g0/1

authentication host-mode multi-domain

multi-domain: Only 1 mac address can be in DATA domain and only 1 mac address can be in VOICE domain

there is no need to put "switchport port-security maximum 2" as the multi-domain allows two devices, Data and Voice.

Jeffery-Porter · ‎11-26-2024

I know that Multi-Domain works. I need to figure out why multi-auth stopped working.