10-09-2006 12:31 PM - edited 03-10-2019 02:47 PM
I am testing with a 3750 PoE switch running 12.2(25)SEE1 and trying to configure 802.1x to work with Mitel IP phones.
I have voice and data vlans configured on each port. Turning on 802.1x causes the phone to hang and timeout in DHCP Discovery. The port status from the switch is "Unauthorized".
interface FastEthernet1/0/2
switchport access vlan 1
switchport mode access
switchport voice vlan 2
dot1x pae authenticator
dot1x port-control auto
no mdix auto
spanning-tree portfast
end
Should anything be configured besides the Voice VLAN to let phones onto the network? There is no computer behind the phone right now. The only information I can find says I need a VVID, and any clients behind it will cross the PVID.
Thanks.
10-09-2006 02:44 PM
Does your phone have 802.1X supplicant capability?
10-10-2006 09:01 AM
Yes it does.
Apparently the Mitel phones (testing a 5215 dual-mode) we have support EAP-MD5, but we have a primarily PEAP/EAP-TTLS environment. Apparently the phones need to use a username/password entered on each phone before they will send that to a Radius server doing EAP-MD5. Our PEAP clients authenticate to a Microsoft Radius server, and our EAP-TTLS to a Funk box. Hopefully the Microsoft can support both EAP-MD5 phones and PEAP on the laptops, I'll have to find out.
I was hoping this was a quick and easy Cisco configuration error... oh well.
10-10-2006 12:46 PM
The config on your siwtchport is fine, and need not change. If you have other wirking suppliacnts (PC or otherwise) you can plug into the port with that config, the rest of your Cisco-switch config would be fine too (like the RADIUS defnition, key, etc.)
Don't expect a PC behind the phone to work though.
Hope this helps,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide