Extreme 220 Series: Multiple Supplicant 802.1x (PC and Phone) on the same port
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎06-04-2018 04:20 PM
Hello
I have a computer and a phone on the same switch port with different vlans working (VOIP VLAN configured).
Is it possible to authenticate both (phone and computer) on the same port over dot1x (radius)? I don't find any documentation for multiple supplicant support on the same switch port.
The phone gets authenticated, but the computer behind the phone doesn't authenticate.
Thank you for help
Christian
I have a computer and a phone on the same switch port with different vlans working (VOIP VLAN configured).
Is it possible to authenticate both (phone and computer) on the same port over dot1x (radius)? I don't find any documentation for multiple supplicant support on the same switch port.
The phone gets authenticated, but the computer behind the phone doesn't authenticate.
Thank you for help
Christian
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎06-06-2018 01:56 PM
Hello,
This can be done by using policy based authentication. Radius server can authenticate multiple devices on same port and reply with vlan id tagged or untagged for the mac. Device will get data vlan as untagged while Phone will get VOIP vlan as tagged. Only one thing, need to manually set vlan id in the phone in dot1.q settings
This can be done by using policy based authentication. Radius server can authenticate multiple devices on same port and reply with vlan id tagged or untagged for the mac. Device will get data vlan as untagged while Phone will get VOIP vlan as tagged. Only one thing, need to manually set vlan id in the phone in dot1.q settings
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎06-06-2018 04:31 AM
I found the solution. I had to change dot1x prot-control from auto to mac-based.
mac-based is explained like this:
mac-based is explained like this:
- MAC-Based – This mode allows multiple supplicants connected to the same port to each authenticate individually. Each host connected to the port must authenticate separately in order to gain access to the network. The hosts are distinguished by their MAC addresses.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎06-06-2018 04:31 AM
Thanks for coming back to share the answer with the community!
