Hello.
I have a customer with Cisco infrastructure and NPS Microsoft RADIUS, and they are using MAC authentication (MAB) for the Cisco phones. I'm running some tests with a Summit X460-G2.
I have netlogin configured on port 1 to authenticate an IP phone using MAC authentication and a PC using 802.1X authentication. Initially both devices (PC and IP phone) get authentication and authorization with a dynamic VLAN. The voice VLAN is tagged, and LLDP (TLVs) is set on the switch to recognize the IP phone and place voice traffic in the correct VLAN.
#
configure netlogin vlan Auth
enable netlogin dot1x mac
configure netlogin authentication protocol-order dot1x mac web-based
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
enable netlogin ports 1,3-5,7,9,11-19 dot1x
enable netlogin ports 1,3-5,7,9,11-19 mac
configure netlogin ports 1 mode mac-based-vlans
configure netlogin ports 1 no-restart
#
configure lldp port 1 advertise system-capabilities
configure lldp port 1 advertise vendor-specific med capabilities
configure lldp port 1 advertise vendor-specific med power-via-mdi
configure lldp port 1 advertise vendor-specific dot1 port-protocol-vlan-id vlan VOIP_OPT
configure lldp port 1 advertise vendor-specific dot1 vlan-name vlan VOIP_OPT
configure lldp port 1 advertise vendor-specific med policy application voice vlan VOIP_OPT dscp 46
The problem is that when, for some reason, the IP phone is disconnected and connected again (port down/up), both devices authenticate again, but the IP phone is not recognized (LLDP) by the switch and doesn't receive an IP address. The IP phone is recognized and working again after I re-enter the following commands, even though they are already in the configuration:
configure lldp port 1 advertise vendor-specific dot1 port-protocol-vlan-id vlan VOIP_OPT
configure lldp port 1 advertise vendor-specific dot1 vlan-name vlan VOIP_OPT
configure lldp port 1 advertise vendor-specific med policy application voice vlan VOIP_OPT dscp 46