Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Critical Authentication VLAN: MDA Mode

Hello again

One problem is solved, but another problem has come.

I use the MDA Mode. And if the radius is not available, the voice and data device will placed in the data domain.

A security voliation blocked the port after: SECURITY_VIOLATION: Security violation on the interface FastEthernet0/1, new MAC address...

What can I do? Only the data device should placed in the critical VLAN.The voice device should not move in any vlan, when this szenario ocur.

I use IOS 12.2.(55)SE1.

Here a short excert of the configuration:

interface FastEthernet0/1

switchport mode access

switchport voice vlan 2

authentication event server dead action authorize vlan 3

authentication event server alive action reinitialize

authentication host-mode multi-domain

authentication port-control auto

dot1x pae authenticator

Thanks for any help.

Marco Serato

Everyone's tags (4)
12 REPLIES

Critical Authentication VLAN: MDA Mode

Marco,

A new feature which is the critical voice vlan feature is out to support this:

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_8021x/configuration/15-2mt/crit-vce-vlan-supp.html

Here is the command you need to run based off the configuration guide:

authentication event server dead action authorize voice

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1547387

Thanks,

Tarik Admani

Tarik Admani *Please rate helpful posts*
New Member

Re: Critical Authentication VLAN: MDA Mode

I have read this article. But the command does not work in my IOS. This command is for Cisco IOS Release 15.2M&T. I typed this command on the interface, is this right?

Authenticator(config-if)#$ion event server dead action authorize voice

authentication event server dead action authorize voice (unter vo is the '^'. It seems he doesn´t know voice )

                                                                         ^                                              

% Invalid input detected at '^' marker.

Critical Authentication VLAN: MDA Mode

Marco,

This is the same switch which is running 12.2(55)SE also what model switch is this?

Thanks,

Tarik Admani

Tarik Admani *Please rate helpful posts*
New Member

Critical Authentication VLAN: MDA Mode

It is a Catalyst 2960.

Marco Serato

Critical Authentication VLAN: MDA Mode

Can you paste the show version output for me?

Thanks,

Tarik Admani

Tarik Admani *Please rate helpful posts*
New Member

Critical Authentication VLAN: MDA Mode

Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2010 by Cisco Systems, Inc.

Compiled Thu 02-Dec-10 08:16 by prod_rel_team

Image text-base: 0x00003000, data-base: 0x01800000

ROM: Bootstrap program is C2960 boot loader

BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

Authenticator uptime is 2 days, 4 hours, 29 minutes

System returned to ROM by power-on

System image file is "flash:/c2960-lanbasek9-mz.122-55.SE1.bin"

Switch Ports Model             SW Version            SW Image

------ ----- -----             ----------           ----------

*   1 26   WS-C2960-24TT-L   12.2(55)SE1           C2960-LANBASEK9-M

Critical Authentication VLAN: MDA Mode

Marco,

I also see the same issue you are seeing and I am running 12.2(58)SE on a 2960S. Give me some time to see what I can find, if you need immediate assistance I would suggest opening a tac case and posting what the resolution steps are.

thanks,

tarik Admani

Tarik Admani *Please rate helpful posts*
New Member

Critical Authentication VLAN: MDA Mode

If the problem can be solved by next week, that will be fine.

  Thanks for their help.

Best regards Marco

New Member

Critical Authentication VLAN: MDA Mode

Hello Tarik Admani, are there some new information about the problem?

Best regards Marco

Critical Authentication VLAN: MDA Mode

Marco,

Please open a TAC case and see if an engineer can help you, either there is a bug in the documentation or there is a bug in this version of code. Once you get an answer please share with this forum.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
New Member

Critical Authentication VLAN: MDA Mode

I have not the right to open a TAC. Can you open a ticket, please?

Best regards Marco

Critical Authentication VLAN: MDA Mode

I dont work for Cisco, so i dont have the ability to do so. However please contact your partner, or Cisco account rep so they can get you the proper support for this.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
791
Views
0
Helpful
12
Replies
CreatePlease login to create content