For our setup we are using 802.1x to authenticate users, this works fine. But now we want to add a voice vlan. The phone always has to be in vlan 20, while the client is in vlan 99 unless he can authenticate himself, then he's in vlan 50. So the setup would be
[ switch ] - [ VoIP phone ] - [ client ]
VLAN 20 - voice
VLAN 50 - authenticated
VLAN 99 - guest
The phone doesn't have to authenticate itself, so we're using host-mode multi-host. I should also add that we're using Alcatel phones, not cisco.
The problem is that the phone doesn't get an ip from the voice vlan, it's getting a vlan 99 ip.
This is our configuration for the interface on the switch:
Re: voice vlan and 802.1x authentication , wrong ip
Hi, after the phone is successfully authenticated via 802.1X or MAB, the AAA server needs to send a RADIUS-Accept message to the switch with the device-traffic-class=voice VSA.The switch authorizes the MAC address of the phone and allows it access to the voice VLAN.
Therefore try adding this to your Authorisation rule on your AAA server:
1. Log into CLI of DNAC:
ssh maglev@< DNAC appliance IP> -p 2222
2. Run this curl command to get token to get member id:
curl -X POST -u admin:<admin user password> -H -V https://<CLUSTER-IP>/api/system/v1/identitymgmt/token
Enterprise Switching Business Unit is glad to announce Beta release 16.12.2 for all Catalyst 9200/9300/9400/9500/9600 and Catalyst 3650/3850 Platforms. This release is made available to allow users to test, evaluate and share fee...
Do you currently have hands-on networking experience? If you do, we'd love to hear from you!
Your feedback will be reviewed and analyzed by our team to directly influence a networking management and monitoring product.
Take the 20-min or les...