Hey guys,
Just bought ISE about two months ago and I'm running into issues with Cisco phones on 3750Gs. I put myself at a supported code base, 12.2(55)SE11. The policy in ISE works on 3850s and 9ks but not on my 3750s. I see the MAC on both the voice VLAN and the data VLAN.
Vlan Mac Address Type Ports
---- ----------- -------- -----
230 0026.0bd8.d792 DYNAMIC Gi1/0/44
430 0026.0bd8.d792 STATIC Gi1/0/44
Interface config:
switchport access vlan 230
switchport mode access
switchport voice vlan 430
ip access-group PreAuthAllowACL in
authentication event fail action next-method
authentication event server dead action authorize vlan 230
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication timer reauthenticate server
mab
dot1x pae authenticator
spanning-tree portfast
Radius configs on device:
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa server radius dynamic-author
 client 172.22.198.10 server-key 7 Password
!
radius-server host 172.22.198.10 auth-port 1812 acct-port 1813 key 7 Password
radius-server attribute 6 on-for-login-auth
radius-server attribute 25 access-request include
radius-server dead-criteria time 30 tries 3
ip radius source-interface vlan 230
ip access-list extended PreAuthAllowACL
 permit udp any eq bootpc any eq bootps
 permit udp any any eq domain
 permit udp any any eq tftp
!
radius-server vsa send authentication
radius-server vsa send accounting
Show Auth sess int
Interface: GigabitEthernet1/0/44
MAC Address: 0026.0bd8.d792
IP Address: Unknown
User-Name: 00-26-0B-D8-D7-92
Status: Authz Success
Domain: VOICE
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
ACS ACL: xACSACLx-IP-PERMIT_ALL_TRAFFIC-57f6b0d3
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC16E62A00000012044642E1
Acct Session ID: 0x00000178
Handle: 0xD3000012
Runnable methods list:
Method State
dot1x Failed over
mab Authc Success
ISE Auth Profile:
Access Type = ACCESS_ACCEPT
DACL = PERMIT_ALL_TRAFFIC
cisco-av-pair = device-traffic-class=voice