
802.1X with Mitel phones

I have a Catalyst 9300 configured with 802.1X with ports in multi-auth mode.  Corporate laptops use 802.1X to authenticate to the corporate network and BYOD devices use MAB/CWA to authenticate to a BYOD network.  The issue I have is when a Mitel phone is connected to the switch and devices are connected to the PC port of the phone.  If I connect a corporate laptop to the phone, it authenticates fine with 802.1X and establishes an access-session.  The issue is when I disconnect the laptop from the phone, that access-session stays active and if I connect a BYOD device to the phone, that device now has access to the corporate network.  Is there a way for the switch to learn when a PC port on a Mitel phone is 

1 Accepted Solution

Greg Gibbs
Cisco Employee

The phone needs to support a function that tells the switch that the PC has been disconnected so the switch can clear that session and MAC address. Cisco phones use CDP to do this and some other vendors (like Avaya) support an EAPOL Proxy-Logoff feature.

You need to confirm with the vendor if they support such a feature.

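
One way to check the EAPOL Proxy-Logoff behaviour mentioned in the answer is to capture frames on the phone's switch port while unplugging the PC and look for an EAPOL-Logoff. The following is an added example, not part of the original thread or any vendor's code. It assumes the phone sends the proxy logoff with the disconnected PC's MAC as the source address, and the MAC addresses and frames are constructed samples.

```python
import struct

ETH_P_8021Q = 0x8100
ETH_P_EAPOL = 0x888E  # IEEE 802.1X EtherType
EAPOL_TYPES = {0: "EAP-Packet", 1: "Start", 2: "Logoff", 3: "Key"}


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_eapol(frame):
    """Return (src_mac, eapol_type_name) for an EAPOL frame, else None."""
    if len(frame) < 14:
        return None
    src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == ETH_P_8021Q:  # skip a single VLAN tag if present
        if len(frame) < 18:
            return None
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    if ethertype != ETH_P_EAPOL or len(frame) < offset + 4:
        return None
    _version, ptype, _length = struct.unpack("!BBH", frame[offset:offset + 4])
    return mac(src), EAPOL_TYPES.get(ptype, f"unknown({ptype})")


def proxy_logoff_seen(frames, pc_mac):
    """True if any frame is an EAPOL-Logoff whose source is pc_mac."""
    return any(parse_eapol(f) == (pc_mac.lower(), "Logoff") for f in frames)


# Constructed sample frames (hypothetical MACs, locally administered range).
PAE = bytes.fromhex("0180c2000003")    # 802.1X PAE group address
PC = bytes.fromhex("020000000a01")     # laptop behind the phone
PHONE = bytes.fromhex("020000000b02")  # the phone itself
EAPOL = bytes.fromhex("888e")
SAMPLE = [
    PAE + PC + EAPOL + bytes.fromhex("01010000"),     # Start from the PC
    PAE + PHONE + EAPOL + bytes.fromhex("01020000"),  # Logoff for the phone's own MAC
    PAE + PC + EAPOL + bytes.fromhex("01020000"),     # Logoff sent on the PC's behalf
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(parse_eapol(f))
    print("proxy logoff for PC:", proxy_logoff_seen(SAMPLE, "02:00:00:00:0A:01"))
```

If no Logoff for the PC's MAC shows up after the unplug, the switch has no signal to clear that session and the session stays active, as described in the question.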