I have an C4506 with a WS-X4548-GB-RJ45V module. I am running version Version 12.2(54)SG, I have implementet 802.1X on the access-ports but I can´t get multi-domain configuration to work.
Mostly the PC-client is connected to the phone and the phone is connected to the switchport. In the ACS5.1 loggs the client and telephone are authenticated correctly, The client runns EAP-TLS and the phone does MAB. The PC gets an IP address but it can´t reach anything, not even his default gateway.
When I switch to multi-host it works and the client , and phone is able to communicate, but then I have security issues and timeout problems.
DOES ANY ONE OUT THERE HAVE THE SAME PROBLEM ??
Below is my portconfiguration.
interface GigabitEthernet6/40 description 802.1X enablad port ANC70101D03 switchport mode access switchport voice vlan 94 qos trust device cisco-phone authentication event fail action authorize vlan 229 authentication event server dead action authorize vlan 229 authentication event no-response action authorize vlan 229 authentication host-mode multi-domain authentication order dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server mab no snmp trap link-status dot1x pae authenticator dot1x timeout quiet-period 5 dot1x timeout tx-period 5 spanning-tree portfast service-policy input voice-services end
Hi , It has to be a bug, I have logged a case with TAC " CaseID:615560039. The thing is that if I run multi-host mode everythning works , but then you have security issues, if I run multi-domain the client and phone gets an IP address but are not able to communicate (ex ping there default GW). The output of the commands you requested looks okej, in multi-domain you have one voice and one data , and in multi-host you have one data....
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :