Header Only - DO NOT REMOVE - Extreme Networks

802.1x with avaya IP phone on passthrough mode


I want to implement 802.1x Netlogin for NAC. We have Avaya IP phones but we don't want the IP phones to be authenticated, only the users (laptop/PC) connected through the IP Phone. Is this possible?

The Avaya IP phone is configured in 802.1x passthrough enable and with proxy-logoff.

5 replies

Avaya VoIP phones support the pass-through to connect users, Avaya phones must be authorized by the switches when activated 802.1x, can perform AUTHENTICATION by using the mac-address oui of each model.
The following article describes how to configure MAC Authentication local on the switch: https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-Configure/?q=mac+authentication&...
Thanks for the information Mario and Johnny!!! We will use MAC authentication through local databes using the MAC OUI.

Regards!
Userlevel 4
Just to be clear, your phones are working fine? The phones will still need to have the propriety DHCP options 242 and 176 configured on the DHCP server.
Here is a basic EXOS configuration for the VOIP phone
1. Configure VLAN
  • create vlan "VOIP"
  • configure vlan "VOIP" tag 20
  • configure vlan "VOIP" add ports tagged
2. Configure LLDP on the Port
  • configure lldp port 1:1 advertise vendor-specific dot1 vlan-name
  • configure lldp port 1:1 advertise vendor-specific avaya-extreme call-server 0.58.196.179
  • configure lldp port 1:1 advertise vendor-specific avaya-extreme file-server 10.58.196.177
  • configure lldp port 1:1 advertise vendor-specific avaya-extreme dot1q-framing tagged
  • configure lldp port 1:1 advertise vendor-specific med capabilities
3. Enable LLDP on the port
  • enable lldp port
Jason Parker wrote:

Just to be clear, your phones are working fine? The phones will still need to have the propriety DHCP options 242 and 176 configured on the DHCP server.
Here is a basic EXOS configuration for the VOIP phone
1. Configure VLAN

  • create vlan "VOIP"
  • configure vlan "VOIP" tag 20
  • configure vlan "VOIP" add ports tagged
2. Configure LLDP on the Port
  • configure lldp port 1:1 advertise vendor-specific dot1 vlan-name
  • configure lldp port 1:1 advertise vendor-specific avaya-extreme call-server 0.58.196.179
  • configure lldp port 1:1 advertise vendor-specific avaya-extreme file-server 10.58.196.177
  • configure lldp port 1:1 advertise vendor-specific avaya-extreme dot1q-framing tagged
  • configure lldp port 1:1 advertise vendor-specific med capabilities
3. Enable LLDP on the port
  • enable lldp port

Hi Jason! The IP phones are working fine. We are using the DHCP options for provide the information needed by the Avaya IP phone, but thanks for the script using LLDP, this would help us for another clients!

Reply