Good morning, my fellow Cisco users! I have Dot1x set up (with certificates) and running to the point that I'm almost ready to put it into my production network! I have one thing I'm trying to work out that I hope is doable.
On my test port I have:
switchport mode access
switchport voice vlan 50
dot1x pae auth
dot1x port-control auto
dot1x host-mode multi-host
dot1x time quiet-period 5
dot1x timeout server-timeout 10
dot1x timeout tx-period 5
dot1x max-reauth-req 1
dot1x reauthentication
dot1x guest-vlan 69
spanning-tree portfast
So here is the deal:
1. If I plug in a computer on a domain with the right certificate, it's put onto our DATA network, which is what I want (pulls an IP from the DATA network DHCP server).
2. If I plug in my personal laptop that isn't part of the domain, it's put into our guest VLAN 69 (pulls an IP address from the guest VLAN DHCP server), which is what I want.
3. If I plug a Cisco IP phone into the port, the phone registers and loads up fine (great). If I plug the PC from number 1 it gets on the DATA network, which is perfect!
4. Now here is where I'm scratching my head. If I plug in the PC from number 2 into the phone, I just get an APIPA address. I was hoping this would dump the PC in the guest VLAN.
My Cisco device is a Cisco 4507 running 12.2(37)SG1.