Hello, Tomas points are good and he is right.
In order for PF to send out the specific radius reply for a phone, you will need to make you check: - SNMP correctly configure on the switch and/or PF switch Configuration as well - Check the VOIP support for your switch module in PF - Make sure your phone has LLDP / CDP enable for auto-registration - Check the radius reply for that Mac address it should look like this: “Cisco-AVPair = "device-traffic-class=voice"” - Make sure the VOIP box is checked under the Mac address Thanks, Ludovic Zammit [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: www.inverse.ca <https://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > On Mar 22, 2021, at 2:00 PM, Thomas Michel via PacketFence-users > <[email protected]> wrote: > > Hi, > > > > authentication host-mode multi-host means that if a single device is > authenticated all devices can access the network. So in your configuration it > works as expected. > > Are you using Cisco phones? If not, try to use authentication host-mode > multi-auth, which means each new mac address needs to authenticate itself. > Otherwise you can use multi-domain mode. > > Also, you might want to remove the switchport port-security command, they are > not needed in a dotx environment. > > If using cisco phones make sure CDP is enabled on the switch. > > Usefull troubleshooting command is "debug dot1x events" to see what happens > when you connect a device and show authetication session interface > <interface> detail to see all dot1x configuration and authentications on the > switchport. > > "show cdp neighbors" will show you if a cisco phone is discovered. > > Regards, > > Tom. > > Am 22.03.2021 um 18:14 schrieb NITISH AGGARWAL via PacketFence-users: >> Only my pc got authenticated via dot1x and no authentication for phone . >> Although my phone keeps on working no matter it is not authenticated. >> >> But if I used "authentication host mode as multi-domain" instead of >> multi-host all stops because my phone not gets authenticated then and struck >> in provisioning. >> >> On Mon, Mar 22, 2021, 22:32 Ludovic Zammit <[email protected] >> <mailto:[email protected]>> wrote: >> Connect both of them and show me the result of this command: >> >> show authentication session int YOUR_INTERFACE detail >> >> Thanks, >> Ludovic Zammit >> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: >> www.inverse.ca <https://www.inverse.ca/> >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu >> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org >> <http://packetfence.org/>) >> >> >> >> >> >> >> >>> On Mar 22, 2021, at 12:55 PM, NITISH AGGARWAL <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Voice vlan 100 and access vlan 10 >>> >>> On Mon, Mar 22, 2021, 22:23 Ludovic Zammit <[email protected] >>> <mailto:[email protected]>> wrote: >>> What’s your voice VLAN id ? >>> >>> Thanks, >>> Ludovic Zammit >>> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) >>> :: www.inverse.ca <https://www.inverse.ca/> >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu >>> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org >>> <http://packetfence.org/>) >>> >>> >>> >>> >>> >>> >>> >>>> On Mar 22, 2021, at 12:13 PM, NITISH AGGARWAL <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> switchport mode access >>>> Switchport access vlan 10 >>>> switchport voice vlan 100 >>>> switchport port-security mac-address sticky 0200.000x.xxxx >>>> switchport port-security maximum 2 >>>> authentication host-mode multi-host >>>> authentication order dot1x mab >>>> authentication priority dot1x mab >>>> authentication port-control auto >>>> authentication periodic >>>> mab >>>> no snmp trap link-status >>>> dot1x pae authenticator >>>> dot1x timeout quiet-period 2 >>>> dot1x timeout tx-period 3 >>>> >>>> On Mon, Mar 22, 2021, 20:12 Ludovic Zammit <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> Hello, >>>> >>>> Show me the interface configuration that you have on your switch where you >>>> plug your phone. >>>> >>>> Thanks, >>>> Ludovic Zammit >>>> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) >>>> :: www.inverse.ca <https://www.inverse.ca/> >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu >>>> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org >>>> <http://packetfence.org/>) >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>>> On Mar 18, 2021, at 8:27 AM, NITISH AGGARWAL via PacketFence-users >>>>> <[email protected] >>>>> <mailto:[email protected]>> wrote: >>>>> >>>>> Hi, >>>>> >>>>> I have setup PacketFence as per guide. Dot1x is enabled and working but I >>>>> am not able to use MAB. Due to which my ip phones are not get >>>>> authenticated. >>>>> >>>>> In switch (cisco 2960) I was using authentication host-mode as >>>>> multi-domain and MAB is enable. But since it was not authenticating I am >>>>> using host-mode as multi-host. Now my system and phone is working but it >>>>> is not authenticating my ip phone which is causing problem sometimes. I >>>>> am not able to resolve the issue please suggest what needs to be done >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> [email protected] >>>>> <mailto:[email protected]> >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> >>>> >>> >> >> >> >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> <mailto:[email protected]> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> > <OpenPGP_0x8049779A866B418C.asc>_______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
