Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
387
Views
5
Helpful
1
Replies

dot1x multidomain without authenticating the phone

cerisier
Level 1
Level 1

‎12-15-2015 01:26 PM - edited ‎03-08-2019 03:07 AM

Hello All,

We recently moved a network from Alcatel 6850/6450 to Cisco 3650/2960X. On this network we use alcatel ip phone connecting the PC on dot1x authenticated port.

On the Alcatel switches we used the "port mobile" feature which moved the ip phone in the voice vlan by comparing the mac @ of the phone with a range configured in the switch. So the Ip phone were not 802.1x authenticated. The PC connected on the IP Phone were then authenticated using 802.1x and all was fine (PC authenticated = Data Vlan, not authenticated = default guest vlan).

On the Cisco 2960X I try to reproduce this behaviour (PC authenticated while IP Phone not authenticated on the same port) by configuring

multi-Domain Authentication, with or without MAB and tried a lot of configuration but I can't find a way to achieve the same behaviour as on the Alcatel switches.

Does anybody has ever done this or seen a documentation ? I browsed a lot of doc and forum without finding the solution.

Thank you in advance for your help.

Best regards,

Labels:
0 Helpful
1 Reply 1

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎12-15-2015 08:55 PM

Hello,

Have a look on the below link based on Multidomain authentication dot1x

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/5700/sec-user-8021x-xe-3se-5700-book/sec-ieee-mda.pdf

Hope it Helps..

-GI

Customers Also Viewed These Support Documents