Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1254
Views
5
Helpful
1
Replies

802.1x Multi-Domain - Avaya Phone

fabio.cunha
Level 1
Level 1

‎01-11-2008 05:57 AM - edited ‎03-05-2019 08:24 PM

We are implementing Avaya IP Phones in 2960 switches with Cisco Multi-Domain Authentication but there is a strange behavior.

When the Phone is connected to the port of the switch, it puts the port in err-disable state (shutdown) and logs the following message:

05:24:35: %DOT1X-5-SECURITY_VIOLATION: Security violation on the interface FastEthernet0/45, new MAC address 0004.0de1.f533 is seen. f

05:24:35: %PM-4-ERR_DISABLE: security-violation error detected on Fa0/45, putting Fa0/45 in err-disable state

If a PC is connected to the port or the port is configured in single-host or multi-host mode there is no error but the customer need to use multi-domain to authenticate the PC and Phone.

Anyone see this? What could cause the errdisable state?

Labels:
0 Helpful
1 Reply 1

HUBERT RESCH
Level 3
Level 3

‎01-16-2008 01:40 AM

Hi, if you use MDA there is a maximum of 1 MAC-addresses authenticated per auhtentication domain (DATA, VOICE).

If both are authenticated PC in DATA and Phone in VOICE-Domain, and then the Phone is sending for example a packet untagged, so it appears in the DAT-domain. Because there is already the PC authenticated in the DATA-domain and a new MAC appears a security-violation occours and the port is err-disabled

hubert

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card