01-03-2023 06:22 AM
We need to find a way of bypassing 802.1x port authentication for Avaya IP phones. The switch ports on our Cisco 9200 switches all have 802.1x authentication with NPS acting as the RADIUS server (no ISE or ACS servers).
This works fine for PCs/laptops when plugged in but doesn't work when plugging in Avaya phones and piggybacking the laptop through the phone.
I'm aware of how to achieve this using host-mode multi-domain and MAB when an ACS server is used but we have Microsoft NPS running instead.
Separating laptops and phones onto separate switches/ports is not an option as we would have to find another 500 ports.
01-03-2023 07:39 AM
- Review this thread: https://community.cisco.com/t5/network-access-control/802-1x-authentication-for-cisco-2960-and-avaya-ip-phone/td-p/2876422
M.
01-03-2023 07:50 AM
01-04-2023 07:43 AM
Configuring MAC Authentication Bypass for the Avaya phones is an option, but the responses above would be better.
01-05-2023 02:24 AM
Hi All,
Thanks for the responses. I'm still working on getting MAB working with NPS. Without the phone in play, 802.1x works perfectly along with automatic VLAN assignment. Adding the phone to the mix just shuts down the switchport at the point the phone tries to register on the network; the port then goes to an err-disable state. It might be a firmware issue on the phones, although they're managed by another company so I can't change it.
Also, creating a connection request policy in NPS for each of the phones/MACs might be a bit much.