Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

MAB on Voice Vlan for non-Cisco phone

Hello,

I try to do MAB authentification for a non-cisco phone. My port config is :

switchport mode access

switchport nonegotiate

switchport voice vlan 41

dot1x mac-auth-bypass

dot1x pae authenticator

dot1x port-control auto

dot1x host-mode multi-host

dot1x guest-vlan 100

dot1x auth-fail vlan 100

no cdp enable

spanning-tree portfast

It seems that the 2960 switch doesn't even try to do MAB on voice vlan because it try to do CDP.

If i don't use voice vlan, the phone can authenticate with MAB but I cannot connect a pc behind the phone

Regards

3 REPLIES
Cisco Employee

Re: MAB on Voice Vlan for non-Cisco phone

Would not recommend multi-host mode, since it intentionally allows port piggybacking.

You need MDA. See here:

http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a00808abf2d.shtml#MDA

This will allow you to MAB the phone, treat it as a phone, then do the same for the PC as well.

HTH,

Community Member

Re: MAB on Voice Vlan for non-Cisco phone

I've tried this technote, the problem is when command 'switchport voice vlan' my switch automaticaly try to detect the phone via cdp and doesn't fallback to authenticate phone via MAB

I'm using catalyst 2960 12.2.25 SEE3

Regards

Cisco Employee

Re: MAB on Voice Vlan for non-Cisco phone

If you have MDA enabled it won't. Also, I thought you have non-cisco phones? ;-).

HTH,

1224
Views
0
Helpful
3
Replies
CreatePlease to create content