07-22-2009 03:05 AM - edited 03-10-2019 04:36 PM
Hello,
I try to do MAB authentification for a non-cisco phone. My port config is :
switchport mode access
switchport nonegotiate
switchport voice vlan 41
dot1x mac-auth-bypass
dot1x pae authenticator
dot1x port-control auto
dot1x host-mode multi-host
dot1x guest-vlan 100
dot1x auth-fail vlan 100
no cdp enable
spanning-tree portfast
It seems that the 2960 switch doesn't even try to do MAB on voice vlan because it try to do CDP.
If i don't use voice vlan, the phone can authenticate with MAB but I cannot connect a pc behind the phone
Regards
07-22-2009 05:05 AM
Would not recommend multi-host mode, since it intentionally allows port piggybacking.
You need MDA. See here:
This will allow you to MAB the phone, treat it as a phone, then do the same for the PC as well.
HTH,
07-22-2009 05:42 AM
I've tried this technote, the problem is when command 'switchport voice vlan' my switch automaticaly try to detect the phone via cdp and doesn't fallback to authenticate phone via MAB
I'm using catalyst 2960 12.2.25 SEE3
Regards
07-22-2009 05:45 AM
If you have MDA enabled it won't. Also, I thought you have non-cisco phones? ;-).
HTH,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide