Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4011
Views
0
Helpful
3
Replies

ISE Dynamic Voice Vlan Assignment using MAB

Go to solution
alex.fana1
Level 1
Level 1

‎06-27-2016 10:39 AM - edited ‎03-10-2019 11:53 PM

Hello Everyone,

I've just configured the ISE and the switch to do the authentication for my voice vlan telephones and users. The issue that I'm having is assigning a dynamic Voice vlan for my VTC units

The authentication and authorization is working good with ISE and I'm able to assign the users vlan, but I'm having issues with the voice vlan.

Any help would be appreciated!

Thanks!

Labels:
Preview file
27 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jagdeep Gambhir
Level 10
Level 10
In response to alex.fana1

‎06-30-2016 05:59 AM

Alex,

We cannot setup more then one voice vlan. Is that what you are trying to achieve?

Do not push any vlan id in the authorization rule. Pushing class=voice attribute will assign vlan 210 (voice vlan) .

Only data vlan should be assigned dynamically.

Hope that helps

Regards,

~JG

Do rate helpful posts

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jagdeep Gambhir
Level 10
Level 10

‎06-27-2016 11:40 AM

Do not push device class=voice attribute for this authorization rule. Only vlan id is needed.

Regards,

~JG

0 Helpful

Go to solution
alex.fana1
Level 1
Level 1
In response to Jagdeep Gambhir

‎06-28-2016 07:43 AM

Hi Jag,

 I tried and the voice vlan is not changing.

====Config=====

!
interface GigabitEthernet0/16
 switchport access vlan 153
 switchport mode access
 switchport voice vlan 210
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 authentication event fail action authorize vlan 225
 authentication event server dead action authorize
 authentication event no-response action authorize vlan 225
 authentication event server alive action reinitialize
 authentication port-control auto
 mab
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description doj-dot1x | doj-dot1x
 dot1x pae authenticator
 dot1x timeout quiet-period 3
 dot1x timeout tx-period 15
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
end

==========

0 Helpful

Go to solution
Jagdeep Gambhir
Level 10
Level 10
In response to alex.fana1

‎06-30-2016 05:59 AM

Alex,

We cannot setup more then one voice vlan. Is that what you are trying to achieve?

Do not push any vlan id in the authorization rule. Pushing class=voice attribute will assign vlan 210 (voice vlan) .

Only data vlan should be assigned dynamically.

Hope that helps

Regards,

~JG

Do rate helpful posts

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents