I am currently working on an 802.1x pilot. I have successfully deployed certificates for PCs and users and I'm able to assign VLAN etc in a reliable fashion.
I would like to enable MAC Authentication Bypass on the voice VLAN for IP phones. The problem is, when I create a user with the phones MAC address as a user name, or AD Domain policy does not allow the password to also be the mac address. Disabling this policy temporarily for adding these users is not a credible solution for us. I'd rather not use third party software that allows for diversity in AD password policy.
I've seen it implied that the switch (3560 in my case) can be configured to send the Radius secret rather than the device MAC address as the device's password, is this true? If so, how?
Thanks!