netlogin mac authentication and lldp issue
03-16-2016 11:14 PM
Hello.
I have a customer with Cisco infrastructure and Microsoft NPS RADIUS, and they are using MAC auth (MAB) for the Cisco phones. I'm running some tests with a Summit X460-G2.
I have netlogin configured on port 1 to authenticate an IP phone using MAC authentication and a PC using 802.1x authentication. Initially both devices (PC and IP phone) get authenticated and authorized with a dynamic VLAN. The voice VLAN is tagged, and LLDP TLVs are set so the switch recognizes the IP phone and places voice traffic in the correct VLAN.
#
configure netlogin vlan Auth
enable netlogin dot1x mac
configure netlogin authentication protocol-order dot1x mac web-based
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
enable netlogin ports 1,3-5,7,9,11-19 dot1x
enable netlogin ports 1,3-5,7,9,11-19 mac
configure netlogin ports 1 mode mac-based-vlans
configure netlogin ports 1 no-restart
#
configure lldp port 1 advertise system-capabilities
configure lldp port 1 advertise vendor-specific med capabilities
configure lldp port 1 advertise vendor-specific med power-via-mdi
configure lldp port 1 advertise vendor-specific dot1 port-protocol-vlan-id vlan VOIP_OPT
configure lldp port 1 advertise vendor-specific dot1 vlan-name vlan VOIP_OPT
configure lldp port 1 advertise vendor-specific med policy application voice vlan VOIP_OPT dscp 46
The problem is that when, for some reason, the IP phone is disconnected and connected again (port down/up), both devices authenticate again, but the IP phone is not recognized (LLDP) by the switch and doesn't receive an IP address. The IP phone is recognized and working again after I re-enter the following commands, even though they are already present in the configuration:
configure lldp port 1 advertise vendor-specific dot1 port-protocol-vlan-id vlan VOIP_OPT
configure lldp port 1 advertise vendor-specific dot1 vlan-name vlan VOIP_OPT
configure lldp port 1 advertise vendor-specific med policy application voice vlan VOIP_OPT dscp 46
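As an added example (not part of the original post or an Extreme tool), a small Python audit that expands EXOS port lists and flags netlogin MAC ports that lack the LLDP-MED TLVs the post relies on for phone detection; the sample config is constructed from the lines above, and the REQUIRED_TLVS list is an assumption about what counts as a complete voice-port LLDP configuration.

```python
import re

# Constructed sample: netlogin and LLDP lines modelled on the post above.
SAMPLE_CONFIG = """
enable netlogin dot1x mac
enable netlogin ports 1,3-5,7,9,11-19 dot1x
enable netlogin ports 1,3-5,7,9,11-19 mac
configure lldp port 1 advertise vendor-specific med capabilities
configure lldp port 1 advertise vendor-specific dot1 port-protocol-vlan-id vlan VOIP_OPT
configure lldp port 1 advertise vendor-specific dot1 vlan-name vlan VOIP_OPT
configure lldp port 1 advertise vendor-specific med policy application voice vlan VOIP_OPT dscp 46
"""

# Assumed set of TLVs a phone port needs (taken from the post's working config).
REQUIRED_TLVS = (
    "vendor-specific med capabilities",
    "vendor-specific dot1 port-protocol-vlan-id",
    "vendor-specific dot1 vlan-name",
    "vendor-specific med policy application voice",
)

def expand_ports(spec):
    """Expand an EXOS port list such as '1,3-5,7' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config):
    """Return {port: [missing TLVs]} for netlogin MAC ports with incomplete LLDP."""
    mac_ports, lldp = set(), {}
    for line in config.splitlines():
        m = re.match(r"enable netlogin ports (\S+) mac$", line.strip())
        if m:
            mac_ports |= expand_ports(m.group(1))
        m = re.match(r"configure lldp port (\d+) advertise (.+)$", line.strip())
        if m:
            lldp.setdefault(int(m.group(1)), []).append(m.group(2))
    findings = {}
    for port in sorted(mac_ports):
        missing = [t for t in REQUIRED_TLVS
                   if not any(a.startswith(t) for a in lldp.get(port, []))]
        if missing:
            findings[port] = missing
    return findings
```

Run against the sample, port 1 is clean while ports 3-5, 7, 9 and 11-19 are reported with all four TLVs missing, which is the gap a phone moved to one of those ports would hit.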
4 REPLIES
03-17-2016 04:31 PM
Have you tried configuring NPS to assign the VLAN for the IP phone rather than relying on LLDP to assign it? The only thing I can think of off the top of my head is that during authentication the LLDP is not passing through for some reason.
This may be a good case to open with GTAC to help troubleshoot live if you can.
03-17-2016 04:31 PM
Thank you Tyler. I am opening a case in the GTAC to get more help.
03-17-2016 12:04 AM
Does Cisco require a certain LLDP transmit interval?
03-17-2016 12:04 AM
Cisco? The IP phone?
