Ok..thank you Thomas and Ludovic. Just one thing, is this command "authentication host-mode " is mandatory???
I have configured one switch port without it and tried to figure this out and till now everything is working fine. Is this command mandatory bcoz sometimes while I am using authentication host-mode as multi-host, instead of authentication my pc it got struck at my ip phone and resulted in Port authentication failure and I have to shut unshut that port to make it working. I also want to bring one thing to your notice that as I saw my ip phone Mac address under nodes, I saw connection type as blank, while for PCs it is ethernet eap, is this the issue. There should be some connection type maybe non ethernet eap for ip phone but it is blank. On Tue, Mar 23, 2021, 21:58 Ludovic Zammit via PacketFence-users < [email protected]> wrote: > Hello, > > Tomas points are good and he is right. > > In order for PF to send out the specific radius reply for a phone, you > will need to make you check: > > - SNMP correctly configure on the switch and/or PF switch Configuration as > well > - Check the VOIP support for your switch module in PF > - Make sure your phone has LLDP / CDP enable for auto-registration > - Check the radius reply for that Mac address it should look like this: > “Cisco-AVPair = "device-traffic-class=voice"” > - Make sure the VOIP box is checked under the Mac address > > Thanks, > > > Ludovic Zammit > [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > > > > > > > > On Mar 22, 2021, at 2:00 PM, Thomas Michel via PacketFence-users < > [email protected]> wrote: > > Hi, > > > authentication host-mode multi-host means that if a single device is > authenticated all devices can access the network. So in your configuration > it works as expected. > > Are you using Cisco phones? If not, try to use authentication host-mode > multi-auth, which means each new mac address needs to authenticate itself. > Otherwise you can use multi-domain mode. > > Also, you might want to remove the switchport port-security command, they > are not needed in a dotx environment. > > If using cisco phones make sure CDP is enabled on the switch. > > Usefull troubleshooting command is "debug dot1x events" to see what > happens when you connect a device and show authetication session interface > <interface> detail to see all dot1x configuration and authentications on > the switchport. > > "show cdp neighbors" will show you if a cisco phone is discovered. > > Regards, > > Tom. > Am 22.03.2021 um 18:14 schrieb NITISH AGGARWAL via PacketFence-users: > > Only my pc got authenticated via dot1x and no authentication for phone . > Although my phone keeps on working no matter it is not authenticated. > > But if I used "authentication host mode as multi-domain" instead of > multi-host all stops because my phone not gets authenticated then and > struck in provisioning. > > On Mon, Mar 22, 2021, 22:32 Ludovic Zammit <[email protected]> wrote: > >> Connect both of them and show me the result of this command: >> >> show authentication session int YOUR_INTERFACE detail >> >> Thanks, >> >> >> Ludovic Zammit >> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> >> >> >> >> >> >> >> On Mar 22, 2021, at 12:55 PM, NITISH AGGARWAL <[email protected]> >> wrote: >> >> Voice vlan 100 and access vlan 10 >> >> On Mon, Mar 22, 2021, 22:23 Ludovic Zammit <[email protected]> wrote: >> >>> What’s your voice VLAN id ? >>> >>> Thanks, >>> >>> >>> Ludovic Zammit >>> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >>> >>> >>> >>> >>> >>> >>> >>> On Mar 22, 2021, at 12:13 PM, NITISH AGGARWAL <[email protected]> >>> wrote: >>> >>> switchport mode access >>> Switchport access vlan 10 >>> switchport voice vlan 100 >>> switchport port-security mac-address sticky 0200.000x.xxxx >>> switchport port-security maximum 2 >>> authentication host-mode multi-host >>> authentication order dot1x mab >>> authentication priority dot1x mab >>> authentication port-control auto >>> authentication periodic >>> mab >>> no snmp trap link-status >>> dot1x pae authenticator >>> dot1x timeout quiet-period 2 >>> dot1x timeout tx-period 3 >>> >>> >>> On Mon, Mar 22, 2021, 20:12 Ludovic Zammit <[email protected]> wrote: >>> >>>> Hello, >>>> >>>> Show me the interface configuration that you have on your switch where >>>> you plug your phone. >>>> >>>> Thanks, >>>> >>>> >>>> Ludovic Zammit >>>> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>> (http://packetfence.org) >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Mar 18, 2021, at 8:27 AM, NITISH AGGARWAL via PacketFence-users < >>>> [email protected]> wrote: >>>> >>>> Hi, >>>> >>>> I have setup PacketFence as per guide. Dot1x is enabled and working but >>>> I am not able to use MAB. Due to which my ip phones are not get >>>> authenticated. >>>> >>>> In switch (cisco 2960) I was using authentication host-mode as >>>> multi-domain and MAB is enable. But since it was not authenticating I am >>>> using host-mode as multi-host. Now my system and phone is working but it is >>>> not authenticating my ip phone which is causing problem sometimes. I am not >>>> able to resolve the issue please suggest what needs to be done >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>>> >>>> >>> >> > > _______________________________________________ > PacketFence-users mailing > [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users > > <OpenPGP_0x8049779A866B418C.asc> > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
