cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

198
Views
10
Helpful
6
Replies
Beginner

WS-C2960+48PST-S es compatible con ISE ??

Actualmente nos encontramos instalando una autenticación por red  cableada  con ISE, este modelo de equipo WS-C2960 + 48PST-S es compatible con ISE ??

Everyone's tags (1)
6 REPLIES 6
VIP Advisor

Re: WS-C2960+48PST-S es compatible con ISE ??

i will try to help if this was written in English..or wait for Local Language person can respond soon.

BB
*** Rate All Helpful Responses ***
Beginner

Re: WS-C2960+48PST-S es compatible con ISE ??

We are implementing a network wired authentication with ISE, we have Switch models WS-C2960 + 48PST-S, the question is whether these devices are compatible with ISE... and if they are compatible which the universal configuration for implementation with ISE?

VIP Advisor

Re: WS-C2960+48PST-S es compatible con ISE ??

yes, they are compatible with an implement with 802.1X

 

here is the matrix for 2.4

 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/compatibility/b_ise_sdt_24.html

BB
*** Rate All Helpful Responses ***
Beginner

Re: WS-C2960+48PST-S es compatible con ISE ??

Currently I have this configuration in the interface, but my phone avaya can not log in, if I connect a PC if it authenticates, there will be some script

 

 

interface GigabitEthernet1/0/7
description Prueba ISE
switchport access vlan x
switchport mode access
switchport voice vlan x
authentication event fail action next-method
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
spanning-tree bpduguard enable
end

Highlighted
VIP Advisor

Re: WS-C2960+48PST-S es compatible con ISE ??

On high leveyou need multi-domain

 

authentication host-mode multi-auth

multi-auth: Multiple mac addresses can be in DATA domain (all authenticated individually) and only 1 MAC address can be in Voice domain.  it should work as epxected

 

Also change to below and test

authentication host-mode multi-domain

 

 

802.1X multi-authentication feature allows multiple end-user hosts to authenticate on a single port.

802.1X multi-domain authentication is the feature used to authenticate an IP phone and an end-user host to different VLANs while on the same port.

 

also check the Logs in ISE what is the reason was failing.

BB
*** Rate All Helpful Responses ***
Beginner

Re: WS-C2960+48PST-S es compatible con ISE ??

Enter the command 

authentication host-mode multi-domain

 

Igot the folowing 

 

 

Oct 10 10:25:16.273: %DOT1X-5-FAIL: Authentication failed for client (ccf9.54a0.9fba) on Interface Fa0/27 AuditSessionID AC1045650000312FF869A9D1
Oct 10 10:25:16.273: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (ccf9.54a0.9fba) on Interface Fa0/27 AuditSessionID AC1045650000312FF869A9D1
Oct 10 10:25:16.273: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (ccf9.54a0.9fba) on Interface

Fa0/27 AuditSessionID AC1045650000312FF869A9D1
Oct 10 10:25:16.273: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (ccf9.54a0.9fba) on Interface Fa0/27 AuditSessionID AC1045650000312FF869A9D1
Oct 10 10:25:16.273: %DOT1X_SWITCH-5-ERR_VLAN_EQ_VVLAN: Data VLAN 150 on port FastEthernet0/27 cannot be equivalent to the Voice VLAN AuditSessionID AC1045650000312FF869A9D1
Oct 10 10:25:16.273: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (ccf9.54a0.9fba) on Interface Fa0/27 AuditSessionID AC1045650000312FF869A9D1
Oct 10 10:25:16.273: %DOT1X-5-RESULT_OVERRIDE: Authentication result overridden for client (ccf9.54a0.9fba) on Interface Fa0/27 AuditSessionID AC1045650000312FF869A9D1

 

Log's ISE attached

 

 

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards