802.1 x behind ip phone
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-18-2016 06:48 PM
Hello,
I try to configure Extreme switch summit X-440-48 with netlogin and dynamic vlan radius based, all is working fine when i plug a PC directly to the switch, but i need to use IP Phone Snom in the voice vlan without authentication and the PC should be behind the IP Phone, there is a way to bypass authentication for IP Phone based on there OUI and authenticate all PC ? i already did it with 3Com switch.
I try to configure Extreme switch summit X-440-48 with netlogin and dynamic vlan radius based, all is working fine when i plug a PC directly to the switch, but i need to use IP Phone Snom in the voice vlan without authentication and the PC should be behind the IP Phone, there is a way to bypass authentication for IP Phone based on there OUI and authenticate all PC ? i already did it with 3Com switch.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-18-2016 09:17 PM
good idea, I'll test it by tomorrow, thanks a lot Brad 😄
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-18-2016 09:13 PM
Hi Kamal,
Yes, to create an access list in CLI mode, enter the command "vi" yes, that policy should work with netlogin on the same port.
Yes, to create an access list in CLI mode, enter the command "vi
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-18-2016 09:09 PM
Thank you Brad,
Can we create access control list in CLI mode ? if so, this ACL will work with netlogin in the same port ?
i'll give it a try
Can we create access control list in CLI mode ? if so, this ACL will work with netlogin in the same port ?
i'll give it a try
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-18-2016 07:19 PM
Hi Kamal,
You should be able to create an access control list for the port that looks like this:
entry PhoneVlan {
if {
ethernet-source-address 00:01:02:03:01:01 / ff:ff:ff:00:00:00; } then { add-vlan-id; } } In the above example, the effective match condition will be "00:01:02:xx:xx:xx". If no mask is supplied, it will be assumed to be ff:ff:ff:ff:ff:ff.
The 'then' statement should include "add-vlan-id" and then the vlan ID that you want to use.
You should be able to create an access control list for the port that looks like this:
entry PhoneVlan {
if {
ethernet-source-address 00:01:02:03:01:01 / ff:ff:ff:00:00:00; } then { add-vlan-id
The 'then' statement should include "add-vlan-id" and then the vlan ID that you want to use.
