ExtremeSwitching (Other)

Expand all | Collapse all

Extreme 220 Series: Multiple Supplicant 802.1x (PC and Phone) on the same port

  • 1.  Extreme 220 Series: Multiple Supplicant 802.1x (PC and Phone) on the same port

    Posted 06-04-2018 16:20
    Hello

    I have a computer and a phone on the same switch port with different vlans working (VOIP VLAN configured).

    Is it possible to authenticate both (phone and computer) on the same port over dot1x (radius)? I don't find any documentation for multiple supplicant support on the same switch port.

    The phone gets authenticated, but the computer behind the phone doesn't authenticate.

    Thank you for help
    Christian



  • 2.  RE: Extreme 220 Series: Multiple Supplicant 802.1x (PC and Phone) on the same port

    Posted 06-06-2018 04:31
    I found the solution. I had to change dot1x prot-control from auto to mac-based.

    mac-based is explained like this:

    • MAC-Based – This mode allows multiple supplicants connected to the same port to each authenticate individually. Each host connected to the port must authenticate separately in order to gain access to the network. The hosts are distinguished by their MAC addresses.



  • 3.  RE: Extreme 220 Series: Multiple Supplicant 802.1x (PC and Phone) on the same port

    Posted 06-06-2018 13:56
    Hello,
    This can be done by using policy based authentication. Radius server can authenticate multiple devices on same port and reply with vlan id tagged or untagged for the mac. Device will get data vlan as untagged while Phone will get VOIP vlan as tagged. Only one thing, need to manually set vlan id in the phone in dot1.q settings



  • 4.  RE: Extreme 220 Series: Multiple Supplicant 802.1x (PC and Phone) on the same port

    Posted 06-06-2018 04:31
    Thanks for coming back to share the answer with the community!