Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
430
Views
0
Helpful
1
Replies

802.1X MDA VLAN Tagging

bdowney
Level 1
Level 1

‎03-05-2008 09:08 AM - edited ‎03-05-2019 09:34 PM

When a phone is on the voice vlan packet destined for it should have a 802.1q tag with a VLAN ID of the voice vlan.

Does the EAP packet (for the phone) have an 802.1q vlan header when using 802.1X MDA? What about re-authentication packets?

The Standard says VLAN tagging is not supported but it was not written with MDA in mind.

Labels:
0 Helpful
1 Reply 1

stephan.l.martin1
Level 1
Level 1

‎04-19-2020 04:22 PM

If my understanding of dot1x/eap authentication is correct- the dot1q header isn't applicable as the switch will simply take the information provided in regards to the EAP and forward it on to the authentication server prior to authorizing the device onto the network. Pre-authorization results in no traffic flowing through- all the authenticator cares about is forwarding the information to the authentication server and identifying what VLAN it needs to go into. The same should happen for any devices behind the phone.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card