第二个设备auth问题

billywaiclassmate · ‎12-15-2017

我的问题是，当第一个设备auth成功（dot1x - vlan 2），然后交换第二个设备连接相同的端口，在正常情况下，应auth成功mab和分配到vlan 8，但我发现它将遵循前一个 auth vlan策略并且不能获取ip地址。
下面有一些关于我的问题的信息

auth information

ISETEST#sh auth session int g1/0/7
Interface: GigabitEthernet1/0/7
MAC Address: 0023.5ad5.6b39
IP Address: 192.168.3.59
User-Name: NITEC\Bill
Status: Authz Success
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 2
ACS ACL: xACSACLx-IP-PERMIT_ALL_TRAFFIC-57f6b0d3
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC106401000000210AE40298
Acct Session ID: 0x0000003A
Handle: 0x0A000022

Runnable methods list:
Method State
dot1x Authc Success
mab Not run

----------------------------------------
Interface: GigabitEthernet1/0/7
MAC Address: 3c52.82ce.059b
IP Address: Unknown
User-Name: 3C-52-82-CE-05-9B
Status: Authz Failed
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Vlan Policy: 2
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC106401000000220AE4EA32
Acct Session ID: 0x0000003B
Handle: 0x18000023

Runnable methods list:
Method State
dot1x Failed over
mab Authc Success

----------------------------------------
Interface: GigabitEthernet1/0/7
MAC Address: 000d.6554.8072
IP Address: 192.168.8.18
User-Name: 00-0D-65-54-80-72
Status: Authz Success
Domain: VOICE
Oper host mode: multi-auth
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 7
ACS ACL: xACSACLx-IP-PERMIT_ALL_TRAFFIC-57f6b0d3
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC106401000000200AE19C51
Acct Session ID: 0x00000039
Handle: 0x94000021

Runnable methods list:
Method State
dot1x Failed over
mab Authc Success

and then it is port command:i

nterface GigabitEthernet1/0/7
switchport access vlan 2
switchport trunk native vlan 2
switchport mode access
switchport voice vlan 7
ip device tracking maximum 2
authentication event fail action next-method
authentication event server dead action authorize vlan 2
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
snmp trap mac-notification change added
snmp trap mac-notification change removed
dot1x pae authenticator
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping trust
end

最后，有什么办法清除最后的身份验证连接记录，当新的设备连接？

感谢您的帮助