MAB on Voice Vlan for non-Cisco phone

Unanswered Question
Jul 22nd, 2009


I try to do MAB authentification for a non-cisco phone. My port config is :

switchport mode access

switchport nonegotiate

switchport voice vlan 41

dot1x mac-auth-bypass

dot1x pae authenticator

dot1x port-control auto

dot1x host-mode multi-host

dot1x guest-vlan 100

dot1x auth-fail vlan 100

no cdp enable

spanning-tree portfast

It seems that the 2960 switch doesn't even try to do MAB on voice vlan because it try to do CDP.

If i don't use voice vlan, the phone can authenticate with MAB but I cannot connect a pc behind the phone


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ccr_cisco Wed, 07/22/2009 - 05:42

I've tried this technote, the problem is when command 'switchport voice vlan' my switch automaticaly try to detect the phone via cdp and doesn't fallback to authenticate phone via MAB

I'm using catalyst 2960 12.2.25 SEE3


jafrazie Wed, 07/22/2009 - 05:45

If you have MDA enabled it won't. Also, I thought you have non-cisco phones? ;-).



This Discussion