802.1x with avaya IP phone on passthrough mode

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
I want to implement 802.1x Netlogin for NAC. We have Avaya IP phones but we don't want the IP phones to be authenticated, only the users (laptop/PC) connected through the IP Phone. Is this possible?

The Avaya IP phone is configured in 802.1x passthrough enable and with proxy-logoff.
Photo of Ari Davila

Ari Davila

  • 112 Points 100 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Mario Pardo

Mario Pardo

  • 92 Points 75 badge 2x thumb
Avaya VoIP phones support the pass-through to connect users, Avaya phones must be authorized by the switches when activated 802.1x, can perform AUTHENTICATION by using the mac-address oui of each model.
Photo of Ugarte, Johnny

Ugarte, Johnny, Employee

  • 100 Points 100 badge 2x thumb
The following article describes how to configure MAC Authentication local on the switch: https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-Configure/?q=mac+authentication&...
Photo of Ari Davila

Ari Davila

  • 112 Points 100 badge 2x thumb
Thanks for the information Mario and Johnny!!! We will use MAC authentication through local databes using the MAC OUI.

Regards!
Photo of Jason Parker

Jason Parker, Employee

  • 2,918 Points 2k badge 2x thumb
Just to be clear, your phones are working fine? The phones will still need to have the propriety DHCP options 242 and 176 configured on the DHCP server. 
Here is a basic EXOS configuration for the VOIP phone
1. Configure VLAN
  • create vlan "VOIP"
  • configure vlan "VOIP" tag 20
  • configure vlan "VOIP" add ports <ports> tagged
2. Configure LLDP on the Port
  • configure lldp port 1:1 advertise vendor-specific dot1 vlan-name
  • configure lldp port 1:1 advertise vendor-specific avaya-extreme call-server 0.58.196.179 
  • configure lldp port 1:1 advertise vendor-specific avaya-extreme file-server 10.58.196.177
  • configure lldp port 1:1 advertise vendor-specific avaya-extreme dot1q-framing tagged
  • configure lldp port 1:1 advertise vendor-specific med capabilities
3. Enable LLDP on the port
  • enable lldp port <port>










 
Photo of Ari Davila

Ari Davila

  • 112 Points 100 badge 2x thumb
Hi Jason! The IP phones are working fine. We are using the DHCP options for provide the information needed by the Avaya IP phone, but thanks for the script using LLDP, this would help us for another clients!