Create Date: Apr 9 2013 7:36PM
This relates to a problem that we are having in our environment. We currently use 802.1x in ISP mode wherein machines connecting to the switch will be RADIUS authenticated (integrated with AD). However we are now rolling out VOIP wherein we will piggyback data over voice. Although we have everything working without the 802.1x we are trying to see how to get this working with it in place. With Extremeware, you could specify 802.1x on a per vlan basis which is no longer available. Basically all traffic will need to be authenticated if you will. These are modern Mitel phones that will support dot1x but setting this up on the phones is a pain and will not work. In terms of options, I know that mac based authentication is possible but i have more than a 1000 phones. What I am looking for is the following:
1. Is there someway to exclude or exempt a vlan from authentication (the voice vlan in this case). can we setup either guest vlans or possibly authentication failure vlans. would that help.
2. Also from a performance perspective, i am already having issues reported with 802.1x due to periodic reauthentication which i recently disabled. now, since data will be authenticated (and dhcp) after voice, is there anything to be worried about. any suggestions pls. (from Anush_Santhanam)