
netlogin mac authentication and lldp issue

Vitor_Barreiro
New Contributor
Hello.
I have a customer with Cisco infrastructure and Microsoft NPS RADIUS, and they are using MAC auth. (MAB) for the Cisco phones. I'm running some tests with a Summit X460-G2.

I have netlogin configured on port 1 to authenticate an IP phone using MAC authentication and a PC using 802.1x authentication. Initially both devices (PC and IP phone) get authenticated and authorized with a dynamic VLAN. The voice VLAN is tagged and LLDP (TLVs) is set for the switch to recognize the IP phone and place voice traffic in the correct VLAN.

#

configure netlogin vlan Auth

enable netlogin dot1x mac

configure netlogin authentication protocol-order dot1x mac web-based

configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48

enable netlogin ports 1,3-5,7,9,11-19 dot1x

enable netlogin ports 1,3-5,7,9,11-19 mac

configure netlogin ports 1 mode mac-based-vlans

configure netlogin ports 1 no-restart

#

configure lldp port 1 advertise system-capabilities

configure lldp port 1 advertise vendor-specific med capabilities

configure lldp port 1 advertise vendor-specific med power-via-mdi

configure lldp port 1 advertise vendor-specific dot1 port-protocol-vlan-id vlan VOIP_OPT

configure lldp port 1 advertise vendor-specific dot1 vlan-name vlan VOIP_OPT

configure lldp port 1 advertise vendor-specific med policy application voice vlan VOIP_OPT dscp 46



The problem is that when, for some reason, the IP phone is disconnected and connected again (port down/up), both devices authenticate again, but the IP phone is not recognized (LLDP) by the switch and doesn't receive an IP address. The IP phone is recognized and working again after I re-enter the following commands, even though they are already in the configuration:



configure lldp port 1 advertise vendor-specific dot1 port-protocol-vlan-id vlan VOIP_OPT

configure lldp port 1 advertise vendor-specific dot1 vlan-name vlan VOIP_OPT

configure lldp port 1 advertise vendor-specific med policy application voice vlan VOIP_OPT dscp 46

4 REPLIES

TylerMarcotte
Extreme Employee
Have you tried configuring NPS to assign the VLAN for the IP phone rather than relying on LLDP to assign it? The only thing I can think of off the top of my head is that during authentication the LLDP is not passing through for some reason.

This may be a good case to open with GTAC to help troubleshoot live if you can.

Thank you Tyler. I am opening a case in the GTAC to get more help.

Jeremy_Gibbs
Contributor
Does Cisco require a certain LLDP transmit interval?

Cisco? The IP phone?