We have a 3750 switch, and an IP phone is connected to one of the switch ports; a PC is connected to the IP phone. The switch port is enabled for 802.1x authentication. We need to first reset the IP phone; only after that does the PC get connected to the network. Could anybody please help? Below is the port configuration.
interface FastEthernet0/2
 description IP Phone and PC Port
 switchport access vlan 500
 switchport mode access
 switchport voice vlan 25
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 dot1x pae authenticator
 dot1x port-control auto
 dot1x violation-mode protect
 dot1x guest-vlan 20
 dot1x auth-fail vlan 20
 spanning-tree portfast
 spanning-tree bpduguard enable
I saw your post while searching for the answer to a different problem. I'll just reply quickly as I'm flat out.
You should run 12.2.50 or later on your switch as there are all kinds of 802.1x features added and bugs fixed in that release. I run 12.2.52 and it works.
It sounds like your phone firmware does not support CDP 2nd port notification. That's the feature you need so that the phone uses CDP to tell the switch when the PC is plugged in, which starts the dot1x authentication process.
This feature is only in reasonably recent phone firmware. I have a 7941 running 9.0.2SR1S and it is in there. I think the latest 8.x releases have it as well.
You also need to make sure your supplicant is set up correctly on your PC for dot1x to work; that depends on your OS.
Set those two things up for a start, that might help you.
CDP should show this: note the bit about 2nd port up
sh cdp nei det
-------------------------
Platform: Cisco IP Phone 7941, Capabilities: Host Phone Two-port Mac Relay
Interface: FastEthernet0/7, Port ID (outgoing port): Port 1
Holdtime : 158 sec
Second Port Status: Up
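An added example, not part of the thread: a Python check over `show cdp neighbors detail` output that reports, per phone port, whether the phone advertises Second Port Status, which is how the switch learns that the PC behind the phone has been plugged in or removed. The sample output, device IDs and status labels are constructed for illustration.

```python
import re

# Constructed sample of `show cdp neighbors detail` output (not from the thread).
SAMPLE = """\
-------------------------
Device ID: SEP001122334455
Platform: Cisco IP Phone 7941,  Capabilities: Host Phone Two-port Mac Relay
Interface: FastEthernet0/7,  Port ID (outgoing port): Port 1
Holdtime : 158 sec
Second Port Status: Up
-------------------------
Device ID: SEP00AABBCCDDEE
Platform: Cisco IP Phone 7941,  Capabilities: Host Phone Two-port Mac Relay
Interface: FastEthernet0/2,  Port ID (outgoing port): Port 1
Holdtime : 140 sec
-------------------------
Device ID: core-sw-01
Platform: cisco WS-C3750-24P,  Capabilities: Switch IGMP
Interface: GigabitEthernet1/0/1,  Port ID (outgoing port): GigabitEthernet1/0/24
Holdtime : 171 sec
"""

def _field(pattern, block):
    m = re.search(pattern, block, flags=re.M)
    return m.group(1).strip() if m else None

def parse_cdp_detail(text):
    """Split the output on the dashed separators and pull out the fields we need."""
    neighbors = []
    for block in re.split(r"^-{5,}[ \t]*$", text, flags=re.M):
        if "Platform:" not in block:
            continue  # empty chunk before the first separator, banners, etc.
        neighbors.append({
            "device": _field(r"^Device ID:\s*(\S+)", block),
            "interface": _field(r"^Interface:\s*([^,]+),", block),
            "capabilities": _field(r"Capabilities:\s*(.+)$", block) or "",
            "second_port": _field(r"^Second Port Status:\s*(\S+)", block),
        })
    return neighbors

def audit_phone_ports(text):
    """Map each phone-facing interface to 'up', 'down' or 'not-advertised'."""
    report = {}
    for n in parse_cdp_detail(text):
        if "Phone" not in n["capabilities"].split():
            continue  # only neighbors advertising the Phone capability
        report[n["interface"]] = (n["second_port"] or "not-advertised").lower()
    return report
```

Ports reported as `not-advertised` are the ones where the phone is not sending the second-port status, so the switch gets no CDP signal when the PC link changes.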