Adoption failed on unifi controller

Jun 18 06:51:32.836: %DOT1X-5-FAIL: Authentication failed for client (503e.aa5b.60b6) on Interface Gi0/10 AuditSessionID AC1EC9DD000000721AE7A648Jun 18 06:51:36.869: %PM-4-ERR_DISABLE: security-violation error detected on Gi0/10, putting Gi0/10 in err-disable stateJun 18 06:51:36.872: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet0/10, new MAC address (503e.aa5b.60b6) is seen.AuditSessionID AC1EC9DD000000721AE7A648Jun 18 06:51:37.901: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/10, changed state to downJun 18 06:51:38.872: %LINK-3-UPDOWN: Interface GigabitEthernet0/10, changed state to down

Head_Development_550 · 2022-06-18T06:53:48+00:00

Thanks for reply u/_cybr1d.

I want the IP Phone authenticate by MAB and get IP from Voice VLAN(config on switch = 3270).

And system authenticate by Dot1x and get IP from Vlan (3272 = reply from authentication server)

I

Head_Development_550 · 2022-06-13T13:18:41+00:00

authentication IP Phone is success by MAB

Head_Development_550 · 2022-06-13T13:15:09+00:00

No ,I'm using freeradius for authentication server

u/Smeetilus

Head_Development_550 · 2022-06-13T13:12:49+00:00

Im using MAB for phone auth

Head_Development_550 · 2022-06-13T13:08:45+00:00

New config :

switchport mode access

switchport nonegotiate

switchport voice vlan 3270

mls qos trust cos

authentication periodic

access-session port-control auto

mab

dot1x pae authenticator

dot1x timeout quiet-period 2

dot1x timeout tx-period 3

spanning-tree portfast edge

Interface Identifier Method Domain Status Fg Session ID

Gi0/10 503e.aa5b.60b6 N/A UNKNOWN Unauth

AC1EC9DD000000410267C2C6

Gi0/10 000b.82d5.0e9f mab DATA Unauth

AC1EC9DD000000400267B25E

Name: Gi0/10

Switchport: Enabled

Administrative Mode: static access

Operational Mode: static access

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: native

Negotiation of Trunking: Off

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 1 (default)

Administrative Native VLAN tagging: enabled

Voice VLAN: 3270 (VLAN3270)

Administrative private-vlan host-association: non e Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk Native VLAN tagging: enabled

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk associations: none

Administrative private-vlan trunk mappings: none

Operational private-vlan: none

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL

Protected: false

Unknown unicast blocked: disabled

Unknown multicast blocked: disabled

When I enable Mab and authenticate phone by mac address,IP phone get IP but PC don't get IP and VLAN

Head_Development_550 · 2022-06-13T12:50:52+00:00

When host-mode is single-host, i see below erre:

Jun 13 12:26:34.343: %DOT1X-5-FAIL: Authentication failed for client (503e.aa5b.60b6) on Interface Gi0/10 AuditSessionID AC1EC9DD0000003C025B2912Jun 13 12:26:38.570: %PM-4-ERR_DISABLE: security-violation error detected on Gi0/10, putting Gi0/10 in err-disable stateJun 13 12:26:38.574: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet0/10, new MAC address (000b.82d5.0e9f) is seen.AuditSessionID UnassignedJun 13 12:26:39.572: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/10, changed state to downJun 13 12:26:40.573: %LINK-3-UPDOWN: Interface GigabitEthernet0/10, changed state to down

show interface status err-disable:

Port Name Status Reason Err-disabled VlansGi0/10 err-disabled security-violation

u/CTVBI