For my ip phone it is showing as Cisco-AvPair = 'service-type = call check' Cisco-AvPair= audit-session-id = ACxxxxxxxxx Cisco-AvPair = method=mab
But it is not working On Tue, Mar 23, 2021, 22:56 Ludovic Zammit <[email protected]> wrote: > Authentication host-mode multi-domain > > > Yes, it’s mandatory, it will allow you to have one Mac address into the > DATA domain and one Mac address into the VOICE domain. > > Use case: Computer plugged on the back of the phone. > > The voice domain is necessary if you want to use the voice capabilities of > the Cisco switch. The Cisco-AVPair = "device-traffic-class=voice” > instruction from PF to the switch, will tell the switch to put that Mac > address into the voice lan configured on the port. > > Thanks, > > > Ludovic Zammit > [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > > > > > > > > On Mar 23, 2021, at 12:57 PM, NITISH AGGARWAL <[email protected]> > wrote: > > Ok..thank you Thomas and Ludovic. > > Just one thing, is this command "authentication host-mode " is mandatory??? > > I have configured one switch port without it and tried to figure this out > and till now everything is working fine. Is this command mandatory bcoz > sometimes while I am using authentication host-mode as multi-host, instead > of authentication my pc it got struck at my ip phone and resulted in Port > authentication failure and I have to shut unshut that port to make it > working. > > > I also want to bring one thing to your notice that as I saw my ip phone > Mac address under nodes, I saw connection type as blank, while for PCs it > is ethernet eap, is this the issue. There should be some connection type > maybe non ethernet eap for ip phone but it is blank. > > On Tue, Mar 23, 2021, 21:58 Ludovic Zammit via PacketFence-users < > [email protected]> wrote: > >> Hello, >> >> Tomas points are good and he is right. >> >> In order for PF to send out the specific radius reply for a phone, you >> will need to make you check: >> >> - SNMP correctly configure on the switch and/or PF switch Configuration >> as well >> - Check the VOIP support for your switch module in PF >> - Make sure your phone has LLDP / CDP enable for auto-registration >> - Check the radius reply for that Mac address it should look like this: >> “Cisco-AVPair = "device-traffic-class=voice"” >> - Make sure the VOIP box is checked under the Mac address >> >> Thanks, >> >> >> Ludovic Zammit >> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> >> >> >> >> >> >> >> On Mar 22, 2021, at 2:00 PM, Thomas Michel via PacketFence-users < >> [email protected]> wrote: >> >> Hi, >> >> >> authentication host-mode multi-host means that if a single device is >> authenticated all devices can access the network. So in your configuration >> it works as expected. >> >> Are you using Cisco phones? If not, try to use authentication host-mode >> multi-auth, which means each new mac address needs to authenticate itself. >> Otherwise you can use multi-domain mode. >> >> Also, you might want to remove the switchport port-security command, they >> are not needed in a dotx environment. >> >> If using cisco phones make sure CDP is enabled on the switch. >> >> Usefull troubleshooting command is "debug dot1x events" to see what >> happens when you connect a device and show authetication session interface >> <interface> detail to see all dot1x configuration and authentications on >> the switchport. >> >> "show cdp neighbors" will show you if a cisco phone is discovered. >> >> Regards, >> >> Tom. >> Am 22.03.2021 um 18:14 schrieb NITISH AGGARWAL via PacketFence-users: >> >> Only my pc got authenticated via dot1x and no authentication for phone . >> Although my phone keeps on working no matter it is not authenticated. >> >> But if I used "authentication host mode as multi-domain" instead of >> multi-host all stops because my phone not gets authenticated then and >> struck in provisioning. >> >> On Mon, Mar 22, 2021, 22:32 Ludovic Zammit <[email protected]> wrote: >> >>> Connect both of them and show me the result of this command: >>> >>> show authentication session int YOUR_INTERFACE detail >>> >>> Thanks, >>> >>> >>> Ludovic Zammit >>> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >>> >>> >>> >>> >>> >>> >>> >>> On Mar 22, 2021, at 12:55 PM, NITISH AGGARWAL <[email protected]> >>> wrote: >>> >>> Voice vlan 100 and access vlan 10 >>> >>> On Mon, Mar 22, 2021, 22:23 Ludovic Zammit <[email protected]> wrote: >>> >>>> What’s your voice VLAN id ? >>>> >>>> Thanks, >>>> >>>> >>>> Ludovic Zammit >>>> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>> (http://packetfence.org) >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Mar 22, 2021, at 12:13 PM, NITISH AGGARWAL <[email protected]> >>>> wrote: >>>> >>>> switchport mode access >>>> Switchport access vlan 10 >>>> switchport voice vlan 100 >>>> switchport port-security mac-address sticky 0200.000x.xxxx >>>> switchport port-security maximum 2 >>>> authentication host-mode multi-host >>>> authentication order dot1x mab >>>> authentication priority dot1x mab >>>> authentication port-control auto >>>> authentication periodic >>>> mab >>>> no snmp trap link-status >>>> dot1x pae authenticator >>>> dot1x timeout quiet-period 2 >>>> dot1x timeout tx-period 3 >>>> >>>> >>>> On Mon, Mar 22, 2021, 20:12 Ludovic Zammit <[email protected]> wrote: >>>> >>>>> Hello, >>>>> >>>>> Show me the interface configuration that you have on your switch where >>>>> you plug your phone. >>>>> >>>>> Thanks, >>>>> >>>>> >>>>> Ludovic Zammit >>>>> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>>> (http://packetfence.org) >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Mar 18, 2021, at 8:27 AM, NITISH AGGARWAL via PacketFence-users < >>>>> [email protected]> wrote: >>>>> >>>>> Hi, >>>>> >>>>> I have setup PacketFence as per guide. Dot1x is enabled and working >>>>> but I am not able to use MAB. Due to which my ip phones are not get >>>>> authenticated. >>>>> >>>>> In switch (cisco 2960) I was using authentication host-mode as >>>>> multi-domain and MAB is enable. But since it was not authenticating I am >>>>> using host-mode as multi-host. Now my system and phone is working but it >>>>> is >>>>> not authenticating my ip phone which is causing problem sometimes. I am >>>>> not >>>>> able to resolve the issue please suggest what needs to be done >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>>> >>>>> >>>> >>> >> >> _______________________________________________ >> PacketFence-users mailing >> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> <OpenPGP_0x8049779A866B418C.asc> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
