5130S-EI voice vlan+802.1x authentication configuration problem at a site
- 0 Followed
- 0Collected ,3122Browsed
Network Topology
pc--IP PHONE–-Switch
Problem Description
The site networking is pc - phone - switch, the authentication point is on the switch, before only using the voice vlan, the phone can be normal on the line After adding 802.1x to the interface, display mac-address to see that there is no mac of the phone, and then after deleting dot1x, there is, display dot1x interface to see that the mac of the IP phone is unauthenticated.
Process Analysis
Check the configuration under the port at the site, and find that the default trigger mode of 802.1X has been changed to unicast trigger at the site; the voice vlan is still in the default auto mode
#
interface GigabitEthernet1/0/10
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 274 tagged
port hybrid vlan 20 untagged
port hybrid pvid vlan 20
poe enable
undo dot1x handshake
undo dot1x multicast-trigger
dot1x unicast-trigger
voice-vlan 274 enable
#
With voice vlan and 802.1X authentication under the same interface, 1X, if triggered with unicast, voice vlan needs to be configured in manual mode so that the message triggers the voice vlan first
Solution
It is recommended to use 1x multicast trigger + voice vlan auto mode or 1x unicast trigger + voice vlan manual mode In addition, note that in the case that the client sends a stream without Tag, if the access port of the device is configured with Voice VLAN function, the 802.1X function of the port does not take effect.