This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Extreme 220 Series: Multiple Supplicant 802.1x (PC and Phone) on the same port

Extreme 220 Series: Multiple Supplicant 802.1x (PC and Phone) on the same port

Christian_Gfell
New Contributor

‎06-04-2018 04:20 PM

Hello

I have a computer and a phone on the same switch port with different vlans working (VOIP VLAN configured).

Is it possible to authenticate both (phone and computer) on the same port over dot1x (radius)? I don't find any documentation for multiple supplicant support on the same switch port.

The phone gets authenticated, but the computer behind the phone doesn't authenticate.

Thank you for help
Christian

0 Kudos
3 REPLIES 3

Nachiket_Pathak
New Contributor

‎06-06-2018 01:56 PM

Hello,
This can be done by using policy based authentication. Radius server can authenticate multiple devices on same port and reply with vlan id tagged or untagged for the mac. Device will get data vlan as untagged while Phone will get VOIP vlan as tagged. Only one thing, need to manually set vlan id in the phone in dot1.q settings

0 Kudos

Christian_Gfell
New Contributor

‎06-06-2018 04:31 AM

I found the solution. I had to change dot1x prot-control from auto to mac-based.

mac-based is explained like this:

  • MAC-Based – This mode allows multiple supplicants connected to the same port to each authenticate individually. Each host connected to the port must authenticate separately in order to gain access to the network. The hosts are distinguished by their MAC addresses.

0 Kudos

Drew_C
Valued Contributor III
In response to Christian_Gfell

‎06-06-2018 04:31 AM

Thanks for coming back to share the answer with the community!
0 Kudos
GTM-P2G8KFN