Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4498
Views
10
Helpful
6
Replies

Use 802.1x to assign alternate voice VLAN

Go to solution
jeremydetwiler16
Level 1
Level 1

‎08-26-2021 11:47 AM

Good afternoon all,

 

I'm looking for a way for our 802.1x server to return an alternate voice VLAN ID number for the switch to use. For example, if the standard port config is:

 

switchport access vlan 10

switchport voice vlan 20

 

we want to be able to have the 802.1x server reply to the switch saying "the voice VLAN should be 15" and have the voice VLAN dynamically set to VLAN 15 by the switch. We already have Cisco-AVPair = device-traffic-class=voice to auth the voice VLAN device, but we still need to be able to pass back something to change the voice VLAN ID. Is this possible? If it makes any difference, we're using Aruba ClearPass and use Cisco 9200 and 2960X switches.

 

Thanks in advance!

Jeremy

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎08-26-2021 04:11 PM

I don't believe there is any VSA for dynamic voice VLAN assignment as per the standard. The voice VLAN is a special kind of VLAN and there are various caveats and limitations associated with it as well as functions on the phone that rely on it (like the phone discovering the voice VLAN via CDP/LLDP). Dynamically changing the voice VLAN would likely cause race conditions and other issues with the phone operations.

View solution in original post

6 Replies 6

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎08-26-2021 04:11 PM

I don't believe there is any VSA for dynamic voice VLAN assignment as per the standard. The voice VLAN is a special kind of VLAN and there are various caveats and limitations associated with it as well as functions on the phone that rely on it (like the phone discovering the voice VLAN via CDP/LLDP). Dynamically changing the voice VLAN would likely cause race conditions and other issues with the phone operations.

Go to solution
jeremydetwiler16
Level 1
Level 1
In response to Greg Gibbs

‎08-27-2021 05:57 AM

Thanks Greg! Bummer. We're trying to figure out how to avoid a condition where we need to set the access VLAN to the voice VLAN ID, e.g. VG224 or 3rd party SIP device, while avoiding the conflict of having the access and voice VLANs be the same, which is obviously restricted in 802.1x world. It sounds like the only thing to do is just remove the switchport voice vlan command on such ports or set the voice VLAN to be some blackhole VLAN. Would you agree?

0 Helpful

Go to solution
Panos Bouras
Level 1
Level 1

‎08-27-2021 05:55 AM

Hi Jeremy,

 

You can try to use interface templates, maybe the following link will help you:

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/8021x/116838-configure-identity-00.html

Thank you,Panos.
Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies
0 Helpful

Go to solution
jeremydetwiler16
Level 1
Level 1
In response to Panos Bouras

‎08-27-2021 07:41 AM

Hi Panos,

 

Unfortunately, we don't have ISE, we are using ClearPass. Thoughts?

 

Thanks,

Jeremy

0 Helpful

Go to solution
Panos Bouras
Level 1
Level 1
In response to jeremydetwiler16

‎08-31-2021 07:27 AM

Hi Jeremy,

 

You can setup an ISE lab, capture the RADIUS response to the switch and try to re-create that in Clearpass via a custom RADIUS dictionary or something similar.

Apologies but I'm not familiar with Clearpass.

Thank you,Panos.
Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies
0 Helpful

Go to solution
piesio.marcin
Level 1
Level 1

‎11-11-2021 06:25 AM

have you ever got this working, having the same issue, also on cppm ? 

would love return dynamic voice vlan to phones

0 Helpful
Customers Also Viewed These Support Documents