Extreme 220 Series: Multiple Supplicant 802.1x (PC and Phone) on the same port

  • 0
  • 1
  • Question
  • Updated 4 months ago
  • Answered
Hello

I have a computer and a phone on the same switch port with different vlans working (VOIP VLAN configured).

Is it possible to authenticate both (phone and computer) on the same port over dot1x (radius)? I don't find any documentation for multiple supplicant support on the same switch port.

The phone gets authenticated, but the computer behind the phone doesn't authenticate.

Thank you for help
Christian
Photo of Christian Gfeller

Christian Gfeller

  • 120 Points 100 badge 2x thumb

Posted 5 months ago

  • 0
  • 1
Photo of Christian Gfeller

Christian Gfeller

  • 120 Points 100 badge 2x thumb
I found the solution. I had to change dot1x prot-control from auto to mac-based.

mac-based is explained like this:

  • MAC-Based – This mode allows multiple supplicants connected to the same port to each authenticate individually. Each host connected to the port must authenticate separately in order to gain access to the network. The hosts are distinguished by their MAC addresses.
Photo of Drew C.

Drew C., Community Manager

  • 40,206 Points 20k badge 2x thumb
Thanks for coming back to share the answer with the community!
Photo of Nachiket Pathak

Nachiket Pathak

  • 150 Points 100 badge 2x thumb
Hello,
This can be done by using policy based authentication.  Radius server can authenticate multiple devices on same port and reply with vlan id  tagged or untagged for the mac.  Device will get data vlan as untagged while  Phone will get VOIP vlan as tagged.  Only one thing, need to manually set vlan id in the phone in dot1.q  settings