Dear all,
I am currently using Dot1x to authenticate my users on the domain through an NPS server. My switchport implementation is the following:

interface GigabitEthernet1/0/X
 switchport mode access
 switchport voice vlan 100
 no logging event link-status
 authentication control-direction in
 authentication event server dead action authorize vlan 300
 authentication event no-response action authorize vlan 1023
 authentication host-mode multi-domain
 authentication order mab dot1x
 authentication port-control auto
 authentication violation restrict
 mab eap
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout tx-period 10
 flowcontrol receive desired
 storm-control broadcast level 0.50 0.40
 storm-control multicast level 0.50 0.40
 spanning-tree portfast

Users are authenticated with no problem. The final implementation needs the AASTRA telephones to be connected to the switchport and then PCs to be connected to the telephones. The telephones are discovered through LLDP but then do not authenticate on the network.
The authentication implementation is as follows: the telephone should not authenticate on VLAN 100 (voice VLAN), and the user should authenticate through Dot1x via the PC port of the telephone device.
While the telephone is set with no authentication, the NPS server is sending EAPOL packets to the device for authentication, with the following debug:
Mar 24 2015 12:19:39.449 EET: @@@ dot1x_auth Gi1/0/19: auth_authenticating -> auth_authc_result
Mar 24 2015 12:19:39.449 EET: dot1x-sm(Gi1/0/19): 0x810007EC:auth_authenticating_exit called
Mar 24 2015 12:19:39.455 EET: dot1x-sm(Gi1/0/19): 0x810007EC:auth_authc_result_enter called
Mar 24 2015 12:19:39.455 EET: %DOT1X-5-FAIL: Authentication failed for client (0008.5d44.e338) on Interface Gi1/0/19 AuditSessionID 0A97140700004BD4E7BF7913
Mar 24 2015 12:19:39.455 EET: dot1x-ev(Gi1/0/19): Sending event (2) to Auth Mgr for 0008.5d44.e338
Mar 24 2015 12:19:39.455 EET: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (0008.5d44.e338) on Interface Gi1/0/19 AuditSessionID 0A97140700004BD4E7BF7913
Mar 24 2015 12:19:39.455 EET: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (0008.5d44.e338) on Interface Gi1/0/19 AuditSessionID 0A97140700004BD4E7BF7913
Mar 24 2015 12:19:39.455 EET: dot1x-redundancy: State for client 0008.5d44.e338 successfully retrieved
Mar 24 2015 12:19:39.455 EET: dot1x-ev(Gi1/0/19): Received Authz fail for the client 0x810007EC (0008.5d44.e338)
Mar 24 2015 12:19:39.455 EET: dot1x-sm(Gi1/0/19): Posting_AUTHZ_FAIL on Client 0x810007EC
Mar 24 2015 12:19:39.455 EET: dot1x_auth Gi1/0/19: during state auth_authc_result, got event 22(authzFail)
Has anyone come across such an implementation problem?
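
Added example, not part of the original post: a small Python triage script that groups the %DOT1X and %AUTHMGR syslog lines from the debug above by AuditSessionID and reports, per client, which method returned a result and whether authorization failed. The function names and the default method order (taken from "authentication order mab dot1x" in the posted config) are this example's own choices.

```python
import re

# Sample input: three syslog lines taken from the debug output in the post.
SAMPLE = """\
Mar 24 2015 12:19:39.455 EET: %DOT1X-5-FAIL: Authentication failed for client (0008.5d44.e338) on Interface Gi1/0/19 AuditSessionID 0A97140700004BD4E7BF7913
Mar 24 2015 12:19:39.455 EET: %AUTHMGR-7-RESULT: Authentication result 'fail' from 'dot1x' for client (0008.5d44.e338) on Interface Gi1/0/19 AuditSessionID 0A97140700004BD4E7BF7913
Mar 24 2015 12:19:39.455 EET: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (0008.5d44.e338) on Interface Gi1/0/19 AuditSessionID 0A97140700004BD4E7BF7913
"""

# %FACILITY-SEVERITY-MNEMONIC: text for client (mac) on Interface X AuditSessionID Y
MSG = re.compile(
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z_]+): (?P<text>.*?)"
    r"for client \((?P<mac>[0-9a-f.]{14})\) on Interface (?P<intf>\S+) "
    r"AuditSessionID (?P<sid>[0-9A-F]+)")
RESULT = re.compile(r"Authentication result '(\w+)' from '(\w+)'")


def summarize(log):
    """Return {session_id: {mac, intf, methods, authz_failed}} for a log excerpt."""
    sessions = {}
    for line in log.splitlines():
        m = MSG.search(line)
        if not m:
            continue  # state-machine debug lines carry no AuditSessionID
        s = sessions.setdefault(m["sid"], {
            "mac": m["mac"], "intf": m["intf"],
            "methods": {}, "authz_failed": False})
        r = RESULT.search(m["text"])
        if m["fac"] == "AUTHMGR" and r:
            s["methods"][r.group(2)] = r.group(1)   # e.g. {'dot1x': 'fail'}
        elif m["fac"] == "AUTHMGR" and m["mnem"] == "FAIL":
            s["authz_failed"] = True
    return sessions


def methods_without_result(session, order=("mab", "dot1x")):
    """Methods in the port's configured order with no AUTHMGR result in the excerpt."""
    return [meth for meth in order if meth not in session["methods"]]


if __name__ == "__main__":
    for sid, s in summarize(SAMPLE).items():
        print(sid, s["mac"], s["intf"], s["methods"],
              "authz_failed" if s["authz_failed"] else "authz_ok",
              "no result logged for:", methods_without_result(s))
```

A method listed under "no result logged for" only means the supplied lines contain no AUTHMGR result for it; a longer capture is needed to tell whether that method ran at all.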