Meraki

Community

Dot1x authentication behind a Cisco Deskpro (IPPhone) issue

Solved
tmichel
Conversationalist
yesterday
yesterday

Dot1x authentication behind a Cisco Deskpro (IPPhone) issue

I connected a DeskPro to an MS120-8FP switch and configured dot1x with Multi-Domain authentication. The DeskPro gets placed into the voice vlan as expected, when connecting a PC it gets assigned the data vlan (both via CoA fromt eh Radius server). So that looks fine.

 

However, when the PC disconnects and reconnects later, no new authentication happens. The PC immediately gets access again. If adding a different PC, it gets no network connectivity at all. My guess it this is due to the different MAC address.

 

I suspect (without confirming) this happens with other IP phones as well.

 

This means each time I connect a different PC to the DeskPro I need to unplug the network cable of it to trigger a new authentication - which is not a viable option.

 

Anyone knows how to get the MS120 to trigger reauthentication when a PC gets disconnected/reconnected?

Labels:
0 Kudos
1 Accepted Solution
tmichel
Conversationalist
yesterday
yesterday

Thanks, I've been through that with no luck. 

 

I could actually solve the issue by creating a new access policy. It has exactly the same settings as the one I used before. I can reproduce the issue by switching between the two access profiles in the port profile - one works the other one does not. 

 

I suspect it's due to the fact I enabled the smart port beta feature - I've seen some oddities with existing profiles since then. Maybe the old access profile does not work as it was created before enabling smart ports. 

View solution in original post

0 Kudos
2 Replies 2
RWelch
A model citizen
yesterday
yesterday

RADIUS Issue Resolution Guide 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
tmichel
Conversationalist
yesterday
yesterday

Thanks, I've been through that with no luck. 

 

I could actually solve the issue by creating a new access policy. It has exactly the same settings as the one I used before. I can reproduce the issue by switching between the two access profiles in the port profile - one works the other one does not. 

 

I suspect it's due to the fact I enabled the smart port beta feature - I've seen some oddities with existing profiles since then. Maybe the old access profile does not work as it was created before enabling smart ports. 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.