Extreme 220 Series: Multiple Supplicant 802.1x (PC and Phone) on the same port


Hello

I have a computer and a phone on the same switch port, working with different VLANs (VOIP VLAN configured).

Is it possible to authenticate both (phone and computer) on the same port over dot1x (radius)? I don't find any documentation for multiple supplicant support on the same switch port.

The phone gets authenticated, but the computer behind the phone doesn't authenticate.

Thank you for your help
Christian

3 replies

I found the solution. I had to change dot1x port-control from auto to mac-based.

mac-based is explained like this:

  • MAC-Based – This mode allows multiple supplicants connected to the same port to each authenticate individually. Each host connected to the port must authenticate separately in order to gain access to the network. The hosts are distinguished by their MAC addresses.
Christian Gfeller wrote:

I found the solution. I had to change dot1x port-control from auto to mac-based.

mac-based is explained like this:

  • MAC-Based – This mode allows multiple supplicants connected to the same port to each authenticate individually. Each host connected to the port must authenticate separately in order to gain access to the network. The hosts are distinguished by their MAC addresses.

Thanks for coming back to share the answer with the community!

Hello,
This can be done by using policy-based authentication. The RADIUS server can authenticate multiple devices on the same port and reply with the VLAN ID, tagged or untagged, for the MAC. The device will get the data VLAN as untagged while the phone will get the VOIP VLAN as tagged. Only one thing: you need to manually set the VLAN ID in the phone in the dot1.q settings.
