How to allow IP phone on netlogin port but authenticate Computer behind IP Phone?

Sami117 — Tue, 24 Oct 2023 06:11:46 GMT

As the title suggests, i would like to know how to allow a IP Phone (Specifically Avaya phones) to connect to a port with netlogin enabled, but it would still authenticate the device that connects through the IP Phone.

We are trying to move setup from ERS4900 series to a 5320 series switch, so the commands on the two are different and how to set up authentication on the ports are also different. And with the new Exos having Eapol commands removed we are trying to figure out how to use netlogin for our setup.

Currently what we tried is to have 802.1x netlogin configured with vlans changing based on our NAC rules. but we cant seem to get the IP phone to be authenticated, we even tried making a rule on the NAC to allow it but it isnt doing so at the moment and we even tried MAC authentication but that is not working.

currently the setup for just dot1x is like this:
create vlan nt_login
configure netlogin vlan nt_login
enable netlogin dot1x
enable netlogin ports 1-6 dot1x
configure radius netlogin primary server NAC_IP client-ip Switch_IP vr VR-Default shared-secret Kanoo@123
create vlan VLAN1 tag 40
create vlan VLAN2 tag 50
create vlan Voip tag 60
enable ports 1-6,24
configure vlan VLAN1 add ports 24 tagged
configure vlan VLAN2 add ports 24 tagged
configure vlan Voip add ports 24 tagged

Any help would be appreciated.

These are the sources i used so far:
https://extreme-networks.my.site.com/ExtrArticleDetail?an=000081809
https://extreme-networks.my.site.com/ExtrArticleDetail?an=000080274&q=netlogin%20and%20access%20ports

topic How to allow IP phone on netlogin port but authenticate Computer behind IP Phone? in ExtremeSwitching (EXOS/Switch Engine)

How to allow IP phone on netlogin port but authenticate Computer behind IP Phone?