Cisco Multidomain(MDA) authentication with ClearPass



What attribute should we enforce from ClearPass while configuring multidomain(MDA) authentication with Cisco switches?


Multidomain authentication (MDA) allows both a data device and voice device, such as an IP phone, to authenticate on the same switch port. If the authentication order includes the 802.1X port authentication method, we should enable IEEE 802.1X authentication on the switch. 

We should configure the voice VLAN for the IP phone when the host mode is set to multi-domain. With voice vlan configured on the switch, CPPM should be configured to send a Cisco Attribute-Value (AV) pair attribute with a value of device-traffic-class=voice, as shown below.

See the ClearPass Solution Guide for Wireless Policy Enforcement for complete details and sample configurations.

Version history
Revision #:
3 of 3
Last update:
‎01-05-2018 08:40 AM
Updated by:
Labels (1)

Thanks for the info, Tim!


What would be a similar ArubaOS-Switch approach to Cisco's multi-domain authentication? (in that it works with IP Phones doing 802.1X and the PC's behind them doing 802.1X as well).  What would be the switch-side configuration and the minimal CPPM configuration to support it?


Thanks for any help in advance!



Search Airheads
Showing results for 
Search instead for 
Did you mean: