Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

802.1x authentication problem

Hi ,

  We have 3750 switch and IP phone is connected to one of the switch port ,PC is connected to IP phone.The switch port is enabled for 802.1x authentication . we need to first  reset the IP phone only after that PC is getting conected in network.Could any body please help.Below is port configuration.

interface FastEthernet0/2
description IP Phone and PC Port
switchport access vlan 500
switchport mode access
switchport voice vlan 25
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
dot1x guest-vlan 20
dot1x auth-fail vlan 20
spanning-tree portfast
spanning-tree bpduguard enable

New Member

Re: 802.1x authentication problem


     I saw your post while searching for the answer to a different problem. I'll just reply quickly as I'm flat out.

You should run 12.2.50 or later on your switch as there is all kinds of 802.1x features added and bugs fixed in that release. I run 12.2.52 and it works.

It sounds like your phone firmware does not support cdp 2nd port notification. That's the feature you need so that the phone uses CDP to tell the switch when the PC is plugged in which starts the dot1x authentication process.

This feature is only in reasonably recent phone firmware. I have a 7941 running 9.0.2SR1S and it is in there. I think the latest 8.x releases have it as well.

You also need to make sure your supplicant is setup correctly on your pc for dot1x to work, that depends on your OS.

Set those two things up for a start, that might help you.

CDP should show this: note the bit about 2nd port up

sh cdp nei det
Platform: Cisco IP Phone 7941,  Capabilities: Host Phone Two-port Mac Relay
Interface: FastEthernet0/7,  Port ID (outgoing port): Port 1
Holdtime : 158 sec
Second Port Status: Up

Version :

Hope this gets you moving.


CreatePlease to create content