Hi to all.
Obviously I made an error in the title: the switch is a 1960.
We receive the voice VLAN (VLAN 32) from our provider via a router. This VLAN is correctly tagged as 32 and configured under Voice VLAN Configuration on our switches, with QoS Mode set to "MAC Address". This configuration is distributed across all switches, and IP phones register correctly under normal conditions.
We also have a data VLAN (VLAN 29), which is untagged on access ports. When a PC is connected downstream from a Cisco CP-7821 IP phone, it correctly receives an IP address from the data network, and everything works as expected.
Now, we are implementing machine (computer) authentication using 802.1X. On switch ports, we've set the Control Mode to "Auto" in Port Access Control. When a PC is connected directly to the switch, authentication with NPS works perfectly, and network access is granted without issues.
🚫 Issue
When we connect an IP phone to the switch, and a PC downstream from the phone, the phone fails to register and does not receive an IP address from the voice VLAN (VLAN 32).
To troubleshoot this, we tried enabling MAC Authentication:
- MAC Authentication is enabled on the switch port.
- The Control Mode is still set to "Auto".
- The phone's MAC address is configured as a user (username = MAC address) in NPS and switch configuration.
- VLAN assignment is enabled in NPS policies.
Despite this, the phone still fails to authenticate or receive the correct VLAN, and we suspect the MAB (MAC Authentication Bypass) policy isn't being applied correctly or something is misconfigured in the NPS or switch-side MAC Auth settings.
------------------------------
Danilo Cantagallo
------------------------------
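An added example, not part of the original post: a small Python check for the two things the MAB setup above depends on, namely that the User-Name the switch sends matches the NPS account string, and that the Access-Accept carries the full RFC 3580 VLAN attribute set for VLAN 32. The function names, the MAC address and the sample reply are constructed for illustration; the values to feed in would come from a packet capture or the NPS accounting log, and the exact-match comparison is an assumption about how the credentials are checked.

```python
import re

# RFC 3580 dynamic VLAN assignment: Tunnel-Type 13 = VLAN, Tunnel-Medium-Type 6 = IEEE-802.
REQUIRED = {"Tunnel-Type": "13", "Tunnel-Medium-Type": "6"}

def mac_username_variants(mac):
    """Return common spellings of one MAC address as a MAB username."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    variants = set()
    for h in (digits.lower(), digits.upper()):
        pairs = [h[i:i + 2] for i in range(0, 12, 2)]
        quads = [h[i:i + 4] for i in range(0, 12, 4)]
        variants |= {h, "-".join(pairs), ":".join(pairs), ".".join(quads)}
    return variants

def check_mab(sent_user, nps_account, reply_attrs, expected_vlan):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if sent_user != nps_account:
        try:
            same_mac = nps_account in mac_username_variants(sent_user)
        except ValueError:
            same_mac = False
        findings.append(
            f"User-Name {sent_user!r} vs account {nps_account!r}: "
            + ("same MAC, different format" if same_mac else "different identity"))
    for name, want in REQUIRED.items():
        got = reply_attrs.get(name)
        if str(got) != want:
            findings.append(f"{name} is {got!r}, expected {want}")
    vlan = reply_attrs.get("Tunnel-Private-Group-ID")
    if str(vlan) != str(expected_vlan):
        findings.append(f"Tunnel-Private-Group-ID is {vlan!r}, expected {expected_vlan}")
    return findings

if __name__ == "__main__":
    # Constructed sample: MAC and attribute values are illustrative, not from the post.
    reply = {"Tunnel-Type": "13", "Tunnel-Private-Group-ID": "32"}
    for finding in check_mab("a1b2c3d4e5f6", "A1-B2-C3-D4-E5-F6", reply, 32):
        print(finding)
```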