Header Only - DO NOT REMOVE - Extreme Networks

802.1 x behind ip phone

I try to configure Extreme switch summit X-440-48 with netlogin and dynamic vlan radius based, all is working fine when i plug a PC directly to the switch, but i need to use IP Phone Snom in the voice vlan without authentication and the PC should be behind the IP Phone, there is a way to bypass authentication for IP Phone based on there OUI and authenticate all PC ? i already did it with 3Com switch.

4 replies

Hi Kamal,

You should be able to create an access control list for the port that looks like this:

entry PhoneVlan {
if {
ethernet-source-address 00:01:02:03:01:01 / ff:ff:ff:00:00:00; } then { add-vlan-id ; } } [/code] In the above example, the effective match condition will be "00:01:02:xx:xx:xx". If no mask is supplied, it will be assumed to be ff:ff:ff:ff:ff:ff.

The 'then' statement should include "add-vlan-id" and then the vlan ID that you want to use.
Thank you Brad,
Can we create access control list in CLI mode ? if so, this ACL will work with netlogin in the same port ?
i'll give it a try
Hi Kamal,

Yes, to create an access list in CLI mode, enter the command "vi " yes, that policy should work with netlogin on the same port.
good idea, I'll test it by tomorrow, thanks a lot Brad 😃