Wireless (General)

  • 1.  netlogin mac authentication and lldp issue

    Posted 03-16-2016 23:14
    Hello.
    I have a customer with Cisco infrastructure and NPS Microsoft RADIUS and they are using MAC auth. (MAB) for the Cisco phones. I'm running some tests with a Summit X460-G2.

    I have netlogin configured on port 1 to authenticate an IP phone using MAC authentication and a PC using 802.1x authentication. Initially both devices (PC and IP phone) get authentication and authorization with dynamic VLAN. The voice VLAN is tagged, and LLDP (TLVs) is set for the switch to recognize the IP phone and place voice traffic in the correct VLAN.

    #
    configure netlogin vlan Auth
    enable netlogin dot1x mac
    configure netlogin authentication protocol-order dot1x mac web-based
    configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
    enable netlogin ports 1,3-5,7,9,11-19 dot1x
    enable netlogin ports 1,3-5,7,9,11-19 mac
    configure netlogin ports 1 mode mac-based-vlans
    configure netlogin ports 1 no-restart
    #
    configure lldp port 1 advertise system-capabilities
    configure lldp port 1 advertise vendor-specific med capabilities
    configure lldp port 1 advertise vendor-specific med power-via-mdi
    configure lldp port 1 advertise vendor-specific dot1 port-protocol-vlan-id vlan VOIP_OPT
    configure lldp port 1 advertise vendor-specific dot1 vlan-name vlan VOIP_OPT
    configure lldp port 1 advertise vendor-specific med policy application voice vlan VOIP_OPT dscp 46



    The problem is that when for some reason the IP phone is disconnected and connected again (port down/up), both devices authenticate again, but the IP phone is not recognized (LLDP) by the switch and doesn't receive an IP address. The IP phone is recognized and works again after I re-enter the following commands, even though they are already in the configuration:

    configure lldp port 1 advertise vendor-specific dot1 port-protocol-vlan-id vlan VOIP_OPT
    configure lldp port 1 advertise vendor-specific dot1 vlan-name vlan VOIP_OPT
    configure lldp port 1 advertise vendor-specific med policy application voice vlan VOIP_OPT dscp 46



  • 2.  RE: netlogin mac authentication and lldp issue

    Posted 03-17-2016 00:04
    Does Cisco require a certain LLDP transmit interval?


  • 3.  RE: netlogin mac authentication and lldp issue

    Posted 03-17-2016 00:04
    Cisco? The IP phone?


  • 4.  RE: netlogin mac authentication and lldp issue

    Posted 03-17-2016 16:31
    Have you tried configuring NPS to assign the VLAN for the IP phone rather than relying on LLDP to assign it? The only thing I can think of off the top of my head is that during authentication the LLDP is not passing through for some reason.

    This may be a good case to open with GTAC to help troubleshoot live if you can.
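
Reply 4 suspects that LLDP is not passing during authentication. One way to check that from a packet capture taken on the phone port after the link flap is to decode the switch's LLDPDU and look for the LLDP-MED voice network policy TLV. This is an added example, not part of the thread; the sample frames are constructed, and VLAN ID 200 and priority 5 are assumed values.

```python
import struct

MED_OUI = bytes.fromhex("0012bb")  # TIA OUI carried by LLDP-MED TLVs
ORG_SPECIFIC = 127                 # organizationally specific TLV type
NETWORK_POLICY = 2                 # LLDP-MED subtype: Network Policy
APP_VOICE = 1                      # LLDP-MED application type: Voice

def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length, then the value."""
    return struct.pack("!H", tlv_type << 9 | len(value)) + value

def iter_tlvs(lldpdu):
    """Yield (type, value); stop at End of LLDPDU or a truncated TLV."""
    off = 0
    while off + 2 <= len(lldpdu):
        (hdr,) = struct.unpack_from("!H", lldpdu, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        off += 2
        if tlv_type == 0 or off + length > len(lldpdu):
            return
        yield tlv_type, lldpdu[off:off + length]
        off += length

def voice_policy(lldpdu):
    """Return the advertised voice policy as a dict, or None if absent."""
    for tlv_type, v in iter_tlvs(lldpdu):
        if tlv_type != ORG_SPECIFIC or len(v) != 8 or v[:3] != MED_OUI:
            continue
        if v[3] != NETWORK_POLICY or v[4] != APP_VOICE:
            continue
        bits = int.from_bytes(v[5:8], "big")  # U, T, X, VLAN(12), prio(3), DSCP(6)
        return {"unknown": bool(bits >> 23 & 1), "tagged": bool(bits >> 22 & 1),
                "vlan": bits >> 9 & 0xFFF, "priority": bits >> 6 & 7,
                "dscp": bits & 0x3F}
    return None

# Constructed sample LLDPDUs (the bytes after the 0x88cc Ethernet header).
# VLAN ID 200 and priority 5 are assumed values; the thread gives only DSCP 46.
BASE = (tlv(1, b"\x04" + bytes.fromhex("020000000001"))  # chassis ID (MAC)
        + tlv(2, b"\x05" + b"1")                          # port ID
        + tlv(3, struct.pack("!H", 120)))                 # TTL
POLICY = tlv(ORG_SPECIFIC, MED_OUI + bytes([NETWORK_POLICY, APP_VOICE])
             + (1 << 22 | 200 << 9 | 5 << 6 | 46).to_bytes(3, "big"))
WITH_POLICY = BASE + POLICY + tlv(0, b"")
WITHOUT_POLICY = BASE + tlv(0, b"")

if __name__ == "__main__":
    for name, pdu in (("with", WITH_POLICY), ("without", WITHOUT_POLICY)):
        print(name, voice_policy(pdu))
```

A result of None for frames captured after the port comes back up would mean the switch is not advertising the voice policy, which a phone that learns its voice VLAN from LLDP-MED needs before it can request an address there.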


  • 5.  RE: netlogin mac authentication and lldp issue

    Posted 03-17-2016 16:31
    Thank you Tyler. I am opening a case in the GTAC to get more help.