01-23-2007 05:15 AM - edited 03-10-2019 02:56 PM
I have a Catalyst 4510R and I want to im plement 802.1x with dynamic VLAN assignment via Radius server. I am going to plug to switch ports Cisco IP phones and PCs (PCs are plugged in the IP phone).
For this implementation I need to configure the switch port in mode trunk because I have voice vlan corresponding IP phone and data vlan corresponding to PC.
However I have read that I can not enable 802.1x on a trunk port.
How could I configure this?
I need that when the PC is authenticated correctly is assigned to his cooresponding data vlan and the IP phone is in the voice vlan.
Thanks
01-23-2007 08:08 AM
You should configure the port as an access port with an aux-vlan. Here's an example:
!
interface GigabitEthernet2/2
switchport access vlan 701
switchport mode access
switchport voice vlan 702
load-interval 30
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
dot1x pae authenticator
dot1x port-control auto
tx-queue 3
bandwidth percent 33
priority high
shape percent 33
spanning-tree portfast
spanning-tree bpduguard enable
service-policy output autoqos-voip-policy
Hope this helps,
01-24-2007 12:05 AM
Thanks for your help and for your example.
I have one question about this.
In the configuration example if you put "switchport access vlan 701" you are forcing the PC which is plugged to the Cisco IP Phone to be assigned to the data vlan 701 and I would like that this dynamic assignment was done for Microsoft IAS (Radius server) ,previously configured, according to the username and password set.
01-24-2007 08:42 AM
It doesn't matter either way. If you put "switchport access vlan 701" on the port, that just means 701 is whats configured. You can configure a VLAN from RADIUS with this just fine. It can be the same VLAN, a different VLAN, etc.
If you didn't have "switchport access vlan 701" configured, then you might as well have "switchport access vlan 1" configured anyway (which is the default, and wouldn't be recommended from a security best-practice anyway).
Hoep this helps,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide