Security

Reply
Frequent Contributor II
Posts: 478
Registered: ‎03-15-2014

After configuring the clearpass with cisco switch for MAC and 802.1x I got port error disable?

I have a problem showedd up after ocnfiguring teh global configs and port config on cisco switch and connected Cisco IP phone and Computer connected from Ip-Phone and port go error disable and configs as below:

 

 

switchport mode access
 switchport access vlan 1
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 dot1x timeout server-timeout 30
 dot1x timeout tx-period 30
 dot1x timeout supp-timeout 30
 dot1x max-req 3
 dot1x max-reauth-req 10
 spanning-tree portfast

Guru Elite
Posts: 8,022
Registered: ‎09-08-2010

Re: After configuring the clearpass with cisco switch for MAC and 802.1x I got port error disable?

What does the err-disable log say?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Frequent Contributor II
Posts: 478
Registered: ‎03-15-2014

Re: After configuring the clearpass with cisco switch for MAC and 802.1x I got port error disable?

Actually I couldnt see it so what is teh command that I can run?

Guru Elite
Posts: 8,022
Registered: ‎09-08-2010

Re: After configuring the clearpass with cisco switch for MAC and 802.1x I got port error disable?

show interface status err-disabled

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Frequent Contributor II
Posts: 478
Registered: ‎03-15-2014

Re: After configuring the clearpass with cisco switch for MAC and 802.1x I got port error disable?

Switch#show interfaces status err-disabled

Port      Name               Status       Reason               Err-disabled Vlans
Gi1/0/12  *** Connected To A err-disabled security-violation
Switch#

Frequent Contributor II
Posts: 478
Registered: ‎03-15-2014

Re: After configuring the clearpass with cisco switch for MAC and 802.1x I got port error disable?

I figured it out it was issue because of host mode I used this configuration below but the thing is I didnt see any mac request from IP Phone and it work normally:

 

 switchport mode access
 switchport voice vlan 22
 authentication host-mode multi-host
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 mls qos trust device cisco-phone
 dot1x pae authenticator
 dot1x timeout server-timeout 30
 dot1x timeout tx-period 10
 dot1x max-req 3
 dot1x max-reauth-req 10
 storm-control broadcast level 30.00
 spanning-tree portfast
 spanning-tree bpduguard enable

Search Airheads
Showing results for 
Search instead for 
Did you mean: