LLDP - 802.1x Cisco - Nortel

rcierny
Level 1

Greetings,

We are currently trying to deploy LLDP for voice vlan assignment and 802.1x for access control.

We are running Cat3560 running 12.2(46)SE.

Both features work independently:

- phone gets assigned appropriate voice vlan via LLDP, obtains IP from DHCP and operates normally.
- PC successfully authenticates using dot1x or gets assigned guest vlan if no dot1x configured.

When both features are deployed simultaneously the phone hangs waiting for DHCP.

At this stage we do not want to deploy dot1x authentication for the phones as LLDP is working successfully (standalone).

Any thoughts on this?

3 Replies

kutukutu9
Level 1

You might need to ignore / filter the MAC of the IP phone in your auth server. I had this issue when I deployed a similar solution. The auth server thinks the phone is a PC, therefore it won't let it access the voice VLAN.

Or is the phone in the correct Voice VLAN while waiting for DHCP?

sachinraja
Level 9

Hello Roman

When using IP phones with dot1x, you need to enable multi-domain authentication for both devices to function properly. You also need to enable the MAC address of the IP phones to get authenticated through the external server. Posting an example here:

http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a00808abf2d.shtml

Hope this helps you. Rate replies if found useful.

Regards

Raj
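As an added illustration of the multi-domain authentication (MDA) plus MAC-authentication-bypass setup this reply describes, here is a Catalyst 3560 interface configuration in the 12.2(46)SE-era `dot1x` command syntax the original poster is running. This is example configuration written for this thread, not the configuration from the linked Cisco document; the interface name, VLAN numbers, RADIUS server address and shared-secret placeholder are assumptions. The phone is authorized into the voice domain only if the RADIUS server returns the Cisco AV pair `device-traffic-class=voice` for the phone's MAC address; without that attribute MDA treats the phone as a data device, which is the symptom described in the replies above.

```ios
! --- Global configuration (assumed values) ---
aaa new-model
aaa authentication dot1x default group radius
! authorization is required for RADIUS to push VLAN / domain attributes
aaa authorization network default group radius
dot1x system-auth-control
! placeholder RADIUS server and key; replace with the real ones
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key RADIUS-SECRET-PLACEHOLDER
! LLDP must run globally so LLDP-MED can advertise the voice VLAN
lldp run
!
! --- Access port shared by a PC and an IP phone ---
interface FastEthernet0/1
 description PC + IP phone (MDA example)
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 ! 802.1X authenticator role on this port
 dot1x pae authenticator
 dot1x port-control auto
 ! one data device and one voice device may authenticate on the port
 dot1x host-mode multi-domain
 ! phones that do not speak EAP are authenticated by MAC address
 ! (the RADIUS entry for the phone MAC must return device-traffic-class=voice)
 dot1x mac-auth-bypass
 ! PCs with no supplicant fall into the guest VLAN after the EAP timeouts
 dot1x guest-vlan 30
 ! shorten the EAP-Request/Identity retries so MAB and guest VLAN kick in sooner
 dot1x timeout tx-period 5
 dot1x max-reauth-req 2
 spanning-tree portfast
!
! --- Verification ---
! show dot1x interface FastEthernet0/1 details   (per-domain auth state, MAB result)
! show lldp neighbors detail                       (phone learned, voice VLAN advertised)
```

On 12.2(50)SE and later the same settings are expressed with the `authentication` command family (`authentication host-mode multi-domain`, `authentication port-control auto`, `mab`, `authentication event no-response action authorize vlan 30`), but the behaviour and the RADIUS requirement are the same. When the phone's MAB attempt fails or the voice attribute is missing, `show dot1x interface ... details` shows the phone's MAC in the DATA domain or in the guest VLAN rather than the VOICE domain, which explains why it then waits indefinitely for a DHCP offer on the wrong VLAN.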

rcierny
Level 1

Thank you for your input, guys.

What I am trying to accomplish is to have dot1x port capability for the desktops without the requirement of authentication (dot1x EAP or mac-auth-bypass) for the IP phones. Currently I had automated IP phone assignment without the LLDP. This setup is working using the 802.1x guest vlan and private DHCP options to redirect phones into the voice vlan. I would like to eliminate the reliance on DHCP option fields (and the requirement for a phone scope in the guest vlan altogether) and assign the voice vlan using LLDP. From Cisco's LLDP documentation and its interaction with 802.1x, the LLDP only occurs after the 802.1x authentication. However, in our case the clients do not get assigned either the guest vlan or the voice vlan when LLDP and 802.1x are enabled. The port remains in the un-authorised state. From our testing, LLDP decreases IP phone boot times significantly by providing a less complex IP address/vlan assignment mechanism. So close yet so far...
