Kashish, pretty sure you meant MDA puts it in either the DATA or VOICE "domain." You have to create a RULE in your RADIUS server that places VoIP phones into the VOICE domain. If you look at the topics I responded to, you will see what I have gone through. Sent from Cisco Technical Support iPhone App
Mac-move is enabled by default. Unfortunately, authentication violation replace is not an option in my network. Thank you for the response. Sent from Cisco Technical Support iPhone App
With a SINGLE RADIUS-SERVER GROUP configured, the dot1x computer authenticates only once (if lucky), and then a switch reload is needed.

global config:
dot1x system-auth-control
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting network default start-stop group radius
radius-server host 192.168.128.123 auth-port 1812 acct-port 1646 key radkey
radius-server host 192.168.128.121 auth-port 1645 acct-port 1646 key radkey
radius-server vsa send cisco-nas-port
radius-server vsa send accounting
radius-server vsa send authentication

interface config:
switchport mode access
switchport access vlan ID
switchport voice vlan ID
authentication host-mode multi-domain
authentication order mab dot1x
authentication priority mab dot1x
authentication port-control auto
authentication periodic
mab
dot1x pae authenticator
dot1x timeout tx-period 3
spanning-tree portfast
spanning-tree bpduguard enable

I reconfigured the switch with TWO RADIUS SERVER GROUPS; now port-security is triggered.

global config for TWO radius server-groups:
aaa group server radius RADIUS-PRI
 server 192.168.128.123 auth-port 1812 acct-port 1646
aaa group server radius RADIUS-SEC
 server 192.168.128.121
aaa authentication dot1x default group RADIUS-PRI group RADIUS-SEC
aaa authorization network default group RADIUS-PRI group RADIUS-SEC
aaa accounting dot1x default start-stop group RADIUS-PRI group RADIUS-SEC

Thank you, A
Message was edited by: Adam Andersen, logs uploaded.
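As an added illustration (not from the original posts, the ACS deployment, or Cisco), here is the kind of RADIUS-side rule the first post refers to, written as a FreeRADIUS "users" file entry: a MAB entry for an IP phone that returns the Cisco AV pair placing the phone into the VOICE domain of a multi-domain port. The MAC address is a constructed placeholder, and the User-Name format assumes the IOS MAB default (12 lowercase hex digits, no separators).

```text
# Constructed FreeRADIUS "users" entry (example only; MAC is a placeholder).
# With MAB the switch sends the phone's MAC as both User-Name and password,
# so the entry matches on the MAC and authenticates with the same value.
001122334455  Cleartext-Password := "001122334455"
              Cisco-AVPair = "device-traffic-class=voice"

# A MAB or dot1x client that does not receive this AV pair is placed in the
# DATA domain, so the PC behind the phone is unaffected by this entry.
```

On the switch, `show authentication sessions interface <port>` should then list the phone's session with Domain: VOICE and the PC's with Domain: DATA.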
Mine is a 3750X running 12.2(55). It worked the first time using multi-domain, but once I unplugged the 7945 phone, it stopped working. The device behind the IP phone is able to authenticate using dot1x. I have to reload the switch each time I want the "mab" for the IP phone to work. Sent from Cisco Technical Support iPhone App
I'm using Cisco ACS for 802.1x with MAB, and I'm having the same issue. I can't even move to another port, as it fails to authenticate. My logs look similar to yours. Sent from Cisco Technical Support iPhone App
J, Thank you very much for asking about the ACS error! So, I went to the ACS dashboard [Authentication TACACS - Today and Yesterday] and found multiple errors referencing our HSRP standby/virtual IPs. It was denying packets from 128.1, 128.2, and 128.3.
DESCRIPTION: A TACACS+ packet was received with a source IP Address that did not match any configured Network Device or AAA Client
RESOLUTION: Verify that the Network Device or AAA client is configured in Network Resources > Network Devices and AAA Clients >
I examined the IPs under Network Devices and AAA Clients and added the three IPs referenced above. Originally, I only had the Management VLAN IP range for network devices and AAA clients, plus the ACS/LMS IPs. The license we have is only good for 500 devices; the management VLAN IP range was /23 [we're not using all the IPs, so I reverted back to /24]. J: Thank you for asking the RIGHT QUESTION! All is well!!!
J, Attached is the debug output. Also, I ran traceroute from other DSWs and a random ASW; see results below:
DSW4#traceroute 10.10.128.121
Type escape sequence to abort.
Tracing the route to 10.10.128.121
  1 * * *
  2 * * *
  3 * * *
  4 * * *
  5 * * *
DSW2#traceroute 10.10.128.119
  1 131.34.128.119 0 msec 0 msec 0 msec
I ran traceroute from all other switches; they all found the route to 10.10.128.121 via DSW1:
Tracing the route to 10.10.128.121
  1 10.10.10.24 0 msec 4 msec 0 msec
I might just create a static route to 10.10.128.121 from the two DSWs that are having this issue. FYI, we are using EIGRP.
I, too, am having this issue. Solutions attempted, but still failed:
1. entered the tacacs key again
2. restarted the Cisco ACS 5.2 server
3. added the "ip tacacs source-interface" command
Here's the original post I created. I didn't know what to search for originally, so I created a separate topic/thread. https://supportforums.cisco.com/thread/2203407 Thank you, Adam
Giuseppe, I have 3 distro switches that have a priority value of 16384. The main distro switch connected to my router has a value of 8192. I, too, received the same message when I attempted to create VLAN1725. I have successfully created the SVI for the said VLAN. Should I enable spanning-tree extend system-id after hours? You mentioned that the impact is limited; what's the worst thing that could happen? Thank you.
Found the definitive answer for this question: 50,000 network devices, 300,000 internal hosts...wow!! http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/migration/guide/Migration_Deploy.html#wp1054675 Sent from Cisco Technical Support iPhone App
I hope you're right, jrabinow, because I have 7,000 hosts that I need to add. I don't want to find out that the max number of hosts is less than 7,000..that would be really frustrating..lol @ewood2624 you are referring to the max number to import using CSV, not the max number of hosts that could reside internally.