802.1X behind IP phone

  • Question
  • Updated 3 years ago
  • Answered
Hello,
I am trying to configure an Extreme Summit X-440-48 switch with netlogin and RADIUS-based dynamic VLANs. Everything works fine when I plug a PC directly into the switch, but I need to use Snom IP phones in the voice VLAN without authentication, and the PC should be behind the IP phone. Is there a way to bypass authentication for IP phones based on their OUI and authenticate all PCs? I already did it with a 3Com switch.
Kamal FIKRI

Posted 3 years ago

Brad Parker, Technical Support Engineer

Hi Kamal,

You should be able to create an access control list for the port that looks like this:

entry PhoneVlan {
    if {
        ethernet-source-address 00:01:02:03:01:01 / ff:ff:ff:00:00:00;
    } then {
        add-vlan-id <vlanID>;
    }
}

In the above example, the effective match condition will be "00:01:02:xx:xx:xx". If no mask is supplied, it will be assumed to be ff:ff:ff:ff:ff:ff. 

The 'then' statement should include "add-vlan-id" and then the vlan ID that you want to use.
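
The mask semantics described above, as an added example that is not part of the original post: a small Python model of the ethernet-source-address match, for checking which MAC addresses seen on a port would fall under the OUI condition. The function names and sample addresses are constructed for illustration; this is not switch code.

```python
# Added example: models the masked MAC comparison described in the answer.
# Function names and sample addresses are constructed assumptions.

FULL_MASK = "ff:ff:ff:ff:ff:ff"  # default the answer states when no mask is given


def mac_to_int(mac: str) -> int:
    """Convert aa:bb:cc:dd:ee:ff (or '-' separated) to a 48-bit integer."""
    octets = mac.strip().replace("-", ":").split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int("".join(octets), 16)  # raises ValueError on non-hex digits


def parse_condition(condition: str) -> tuple[int, int]:
    """Parse '<mac> / <mask>' or a bare '<mac>' into (masked value, mask)."""
    addr, _, mask = condition.partition("/")
    mask_int = mac_to_int(mask if mask.strip() else FULL_MASK)
    return mac_to_int(addr) & mask_int, mask_int


def matches(condition: str, source_mac: str) -> bool:
    """True if source_mac satisfies the ethernet-source-address condition."""
    value, mask = parse_condition(condition)
    return (mac_to_int(source_mac) & mask) == value


def audit(condition: str, seen_macs: list[str]) -> dict[str, bool]:
    """Map each observed MAC to whether the condition would match it."""
    return {mac: matches(condition, mac) for mac in seen_macs}


# Condition copied from the policy entry in the answer.
CONDITION = "00:01:02:03:01:01 / ff:ff:ff:00:00:00"

# Constructed sample of source MACs seen on one port.
SEEN = ["00:01:02:aa:bb:cc", "00-01-02-00-00-01", "00:01:03:aa:bb:cc"]

if __name__ == "__main__":
    for mac, hit in audit(CONDITION, SEEN).items():
        print(f"{mac}  {'matches PhoneVlan' if hit else 'no match'}")
```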

Kamal FIKRI

Thank you Brad,
Can we create an access control list in CLI mode? If so, will this ACL work with netlogin on the same port?
I'll give it a try.

Brad Parker, Technical Support Engineer

Hi Kamal,

Yes, to create an access list in CLI mode, enter the command "vi <desired acl policy file name>". And yes, that policy should work with netlogin on the same port.

Kamal FIKRI

Good idea, I'll test it by tomorrow. Thanks a lot, Brad :D