ISE error disable interface

eng.malak
Level 1


Dears,

After configuring dot1x on access ports, some ports show err-disabled even though port security is not enabled. Is there any way to increase the number of MAC addresses allowed on the port? Is it possible to disable this feature?



3 Replies

pankaj29in
Level 1

Hi,

Send us the show run output of the interfaces.

Cheers

Pankaj

Here you are:

interface GigabitEthernet1/0/2
 switchport mode access
 switchport voice vlan 91
 authentication event fail action next-method
 authentication event server dead action reinitialize vlan 184
 authentication event server dead action authorize voice
 authentication host-mode multi-domain
 authentication order mab dot1x
 authentication priority dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 spanning-tree portfast

Hi Eng.malak,

In the port config you provided, interface GigabitEthernet1/0/2 is configured for MDA, which means an IP phone and a single host behind the IP phone are authenticated independently, even though both the IP phone and the host machine are connected to a single switch port. If more than one device is detected in either domain, a security violation is triggered. This can be a problem when a phone fails to authenticate properly. If a phone fails authentication, the switch does not receive the "device-traffic-class=voice" VSA from the RADIUS server and assumes that the failed device is in the data domain. If there is already a data device behind the phone, there are now two devices in the data domain, and a security violation is triggered. On this port only 2 MAC addresses are allowed. The switch places the client machine in the data VLAN and the IP phone in the voice VLAN.

Configure the violation mode. The keywords have these meanings:

authentication violation {shutdown | restrict | protect | replace}

• shutdown - Error-disable the port.

• restrict - Generate a syslog error.

• protect - Drop packets from any new device that sends traffic to the port.

• replace - Remove the current session and authenticate with the new host.

Configuring 802.1x Violation Modes:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/sw8021x.html#wp1324086

~BR
Jatin Katyal

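As an added example (not part of the original thread, and not Cisco's own text), here is the posted port configuration with an explicit violation mode, the global err-disable recovery settings that let an already err-disabled port come back on its own, and the show commands used to verify the result. The interface name and VLAN numbers are the ones from the posted config; the 300-second recovery interval is an assumed value, and the multi-auth alternative is shown commented out because it changes how many data hosts the port will accept.

```cisco
! Added example based on the port config posted above.
! With host-mode multi-domain the ceiling is one data MAC plus one voice MAC;
! the posted config has no "authentication violation" line, so the default
! (shutdown) err-disables the port when a second data-domain MAC appears.
interface GigabitEthernet1/0/2
 switchport mode access
 switchport voice vlan 91
 authentication event fail action next-method
 authentication event server dead action reinitialize vlan 184
 authentication event server dead action authorize voice
 authentication host-mode multi-domain
 ! restrict: keep the port up, drop traffic from the extra host, log a syslog.
 ! protect would do the same silently; replace would swap the session instead.
 authentication violation restrict
 authentication order mab dot1x
 authentication priority dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 spanning-tree portfast
!
! Alternative for the original question ("increase the number of MAC addresses"):
! multi-auth lets several data-domain hosts authenticate individually, each with
! its own session, while still allowing one voice device. Enable instead of
! multi-domain only if more than one PC behind the phone is really expected.
! authentication host-mode multi-auth
!
! Global config (assumed interval): let ports err-disabled by an 802.1X/MAB
! security violation recover automatically instead of needing shut/no shut.
errdisable recovery cause security-violation
errdisable recovery interval 300
```

To verify, use show authentication sessions interface GigabitEthernet1/0/2 (one session in the DATA domain and one in VOICE when the phone authenticates correctly; the phone showing up in DATA is the failure mode described in the reply above), show errdisable recovery (the security-violation cause must be listed as enabled), and show interfaces status err-disabled for any ports still waiting on the recovery timer. A port that is already err-disabled can be cleared immediately with shutdown followed by no shutdown on the interface.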