I did try this method also with assigning both the untaged and tagged in the same policy.
I've re-tried where I only assign the tagged vlan when a matched OUI comes through to the radius server.
I also have the existing dot1x policy in place that should place the pass-through client onto the untagged vlan for that particular port.
However, I still get the following in the switch log:
Authentication failed for Netowrk Login MAC user 500000130000 Mac 50:00:00:13:00:00 port 1 Network Login MAC user B4B0178AD709 logged in MAC B4:B0:17:8A:D7:09 port 1 VLAN(s) "voice", authentication Radius From the Radius server logs:
As you can see from the radius logs, it's still receiving the username as a MAC address rather than the windows username.
I have also made sure that the avaya handset has been set to DOT1X Passthrough (tried with passthrough and passthrough with logoff).
If I plug the end client in directly to the switch, it will authenticate as normal using DOT1X using the windows username and password.