Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

802.1x Multi-Domain - Avaya Phone

We are implementing Avaya IP Phones in 2960 switches with Cisco Multi-Domain Authentication but there is a strange behavior.

When the Phone is connected to the port of the switch, it puts the port in err-disable state (shutdown) and logs the following message:

05:24:35: %DOT1X-5-SECURITY_VIOLATION: Security violation on the interface FastEthernet0/45, new MAC address 0004.0de1.f533 is seen. f

05:24:35: %PM-4-ERR_DISABLE: security-violation error detected on Fa0/45, putting Fa0/45 in err-disable state

If a PC is connected to the port or the port is configured in single-host or multi-host mode there is no error but the customer need to use multi-domain to authenticate the PC and Phone.

Anyone see this? What could cause the errdisable state?

1 REPLY
New Member

Re: 802.1x Multi-Domain - Avaya Phone

Hi, if you use MDA there is a maximum of 1 MAC-addresses authenticated per auhtentication domain (DATA, VOICE).

If both are authenticated PC in DATA and Phone in VOICE-Domain, and then the Phone is sending for example a packet untagged, so it appears in the DAT-domain. Because there is already the PC authenticated in the DATA-domain and a new MAC appears a security-violation occours and the port is err-disabled

hubert

934
Views
5
Helpful
1
Replies