I have a switch 3650 with the IP base image IOS 12.2(25) SEE3, a polycom phone SoundPoint IP 430 SIP, A radius server IAS 2003 and a Windows XP PC.
I enabled the windows XP pc for wired authentication ( started the service Wired AutoConfig, added the registry entries AuthMode, SupplicantMode, choose Enable IEEE 802.1x authenticaiton with PEAP, then secured password EAP-MSCHAP-v2.
I configured the RADIUS server for ethernet authentication and domain users. In the profile I choose Eap, mschap v2
The port configuration of the switch is as following:
I plugged the PC directly into the switch port, I got that additional credentials are required for the PC to connect to the network, So I put my username and password for windows and was successfully authenticated.
Then I plugged the PC to the phone( Polycom 430) and the phone into the switch port. the network card appears as attempting to authenticate but it doesn't prompt, and I am not able to access the network, neither I am able to use the phone.( the problem that the authentication packets sent from the PC do not reach the switch, as I see in the debug dot1x (on the switch) comparison when I was connecting the PC alone and when I connected the PC&Phone, the client ID trying to authenticate is different in each case. I will put the debug for both down, when it connects and when it was unable to connect)
I tried dot1x host-mode single-host
I did many changes , one time with single-host and then with multi-host: ( each time , I tried to disable/enable Network card of the PC, and make a phone call in order generate traffic)
First added dot1x mac-auth-bypass - disconnected and reconnected -- didn't work(neither phone , nor PC)
Second in addition to First , i added dot1x control-direction in --- didn't work (neither phone , nor PC).
Then I removed both these settings and I set:
dot1x guest-vlan 155 where 155 is the voice vlan
dot1x auth-fail vlan 155
Nothing was working
Then I added these 2 records, in addition to the dot1x mac-auth-bypass, nothing was working.
In the attachment, I marked with blue font, where I saw the ClientID, After that state-machine record that shows the client ID, I saw that the debug output of the debug changed
CDP is enabled on both the phone and the switch, and when I use show cdp , i see the phone connected to the port.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...