cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
161
Views
0
Helpful
3
Replies
Participant

802.1x with voice vlan

Is it possible to have a port configured with 802.1x for data and ip phones to use a normal voice vlan setup ie no 802.1x for phones.

Like so:

switchport mode access
switchport voice vlan 200
authentication event fail action authorize vlan 100
authentication event no-response action authorize vlan 100
authentication port-control auto
dot1x pae authenticator
spanning-tree portfast

 

3 REPLIES
Highlighted
Advisor

Re: 802.1x with voice vlan

AFAIK no. You will have to setup MAB for the phone.

Participant

Re: 802.1x with voice vlan

At the moment, our phones seem to hookup (no mab or 802.1x) and we do have authorization for the clients (802.1x) so it appears to be working. Should it be doing this?

Re: 802.1x with voice vlan

Hi,

You should enable mab in switch port interface for IP-phone authentication & the IP phone mac address should be authorized with voice permission.

A typical switch port configuration which looks like:

description ACCESS (Closed Mode)
switchport mode access
switchport access vlan <data vlan>
switchport voice vlan <voice vlan>
authentication event fail action next-method
authentication event server dead action authorize
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-domain
mab
authentication violation restrict
authentication periodic
authentication timer reauthenticate server
authentication timer inactivity server dynamic
dot1x timeout tx-period 10
spanning-tree portfast
authentication port-control auto
dot1x pae authenticator

 

you can refer this link https://community.cisco.com/t5/security-documents/cisco-ise-wired-access-deployment-guide/ta-p/3641515

CreatePlease to create content
Webcast-ISE Deployment and Best Practices