I have netlogin successfully working with 802.1x and MAC-based when a single device is connected.
I am now trying to combine this in the form of an Avaya handset - a port is configured with Netlogin:
- tagged VLAN for voice (with MAC auth)
- untagged VLAN for Ethernet pass-through on the handset (802.1X auth).
The handset authenticates successfully using MAC-based auth, but then it appears the untagged client is forced to use MAC-based as well (rather than try with 802.1X), according to the RADIUS logs.
Has anyone got any suggestions on how to get this working?
Sample config:
[code]
create vlan "data"
create vlan "voice"
configure vlan data tag 1
configure vlan voice tag 24
create vlan "nt_login"
configure vlan data add ports 7 tagged
configure vlan data add ports 1 untagged
configure vlan voice add ports 1,7 tagged
configure vlan data ipaddress x.x.x.y 255.255.255.0
enable ipforwarding vlan data
configure netlogin vlan nt_login
enable netlogin dot1x mac
configure netlogin mac authentication database-order radius
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
configure netlogin mac timers reauth-period 3600
enable netlogin ports 1 dot1x
enable netlogin ports 1 mac
configure netlogin ports 1 mode port-based-vlans
configure netlogin ports 1 no-restart
configure radius netlogin primary server x.x.x.x 1812 client-ip x.x.x.y vr VR-Default
configure radius netlogin primary shared-secret encrypted "..."
enable radius netlogin
[/code]