Yes, I am using cisco phones. CDP is enabled, I can see all neighborhood Cisco devices.
Multi-host is working for me now but the doubt is why PacketFence is not authenticating my ip phones. Not just ip phone, even my end systems are not authenticated using mab, there is something wrong with my MAB configuration I think. All my end systems are authenticated using dot1x only. On Tue, Mar 23, 2021, 20:10 Thomas Michel via PacketFence-users < [email protected]> wrote: > Hi, > > > authentication host-mode multi-host means that if a single device is > authenticated all devices can access the network. So in your configuration > it works as expected. > > Are you using Cisco phones? If not, try to use authentication host-mode > multi-auth, which means each new mac address needs to authenticate itself. > Otherwise you can use multi-domain mode. > > Also, you might want to remove the switchport port-security command, they > are not needed in a dotx environment. > > If using cisco phones make sure CDP is enabled on the switch. > > Usefull troubleshooting command is "debug dot1x events" to see what > happens when you connect a device and show authetication session interface > <interface> detail to see all dot1x configuration and authentications on > the switchport. > > "show cdp neighbors" will show you if a cisco phone is discovered. > > Regards, > > Tom. > Am 22.03.2021 um 18:14 schrieb NITISH AGGARWAL via PacketFence-users: > > Only my pc got authenticated via dot1x and no authentication for phone . > Although my phone keeps on working no matter it is not authenticated. > > But if I used "authentication host mode as multi-domain" instead of > multi-host all stops because my phone not gets authenticated then and > struck in provisioning. > > On Mon, Mar 22, 2021, 22:32 Ludovic Zammit <[email protected]> wrote: > >> Connect both of them and show me the result of this command: >> >> show authentication session int YOUR_INTERFACE detail >> >> Thanks, >> >> >> Ludovic Zammit >> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> >> >> >> >> >> >> >> On Mar 22, 2021, at 12:55 PM, NITISH AGGARWAL <[email protected]> >> wrote: >> >> Voice vlan 100 and access vlan 10 >> >> On Mon, Mar 22, 2021, 22:23 Ludovic Zammit <[email protected]> wrote: >> >>> What’s your voice VLAN id ? >>> >>> Thanks, >>> >>> >>> Ludovic Zammit >>> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >>> >>> >>> >>> >>> >>> >>> >>> On Mar 22, 2021, at 12:13 PM, NITISH AGGARWAL <[email protected]> >>> wrote: >>> >>> switchport mode access >>> Switchport access vlan 10 >>> switchport voice vlan 100 >>> switchport port-security mac-address sticky 0200.000x.xxxx >>> switchport port-security maximum 2 >>> authentication host-mode multi-host >>> authentication order dot1x mab >>> authentication priority dot1x mab >>> authentication port-control auto >>> authentication periodic >>> mab >>> no snmp trap link-status >>> dot1x pae authenticator >>> dot1x timeout quiet-period 2 >>> dot1x timeout tx-period 3 >>> >>> >>> On Mon, Mar 22, 2021, 20:12 Ludovic Zammit <[email protected]> wrote: >>> >>>> Hello, >>>> >>>> Show me the interface configuration that you have on your switch where >>>> you plug your phone. >>>> >>>> Thanks, >>>> >>>> >>>> Ludovic Zammit >>>> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>> (http://packetfence.org) >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Mar 18, 2021, at 8:27 AM, NITISH AGGARWAL via PacketFence-users < >>>> [email protected]> wrote: >>>> >>>> Hi, >>>> >>>> I have setup PacketFence as per guide. Dot1x is enabled and working but >>>> I am not able to use MAB. Due to which my ip phones are not get >>>> authenticated. >>>> >>>> In switch (cisco 2960) I was using authentication host-mode as >>>> multi-domain and MAB is enable. But since it was not authenticating I am >>>> using host-mode as multi-host. Now my system and phone is working but it is >>>> not authenticating my ip phone which is causing problem sometimes. I am not >>>> able to resolve the issue please suggest what needs to be done >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>>> >>>> >>> >> > > _______________________________________________ > PacketFence-users mailing > [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
