Comware

 View Only

  • 1.  4200vl 802.1x issue with voip phones

    Posted Jan 30, 2009 04:56 PM
    I've started having an odd issue with 802.1x authentication some new 4208vl's that we recently got. I'm pretty sure I narrowed the is down to the switch.

    Essentially what is happening is that if I plug a single device into a switch port it will authenticate (works for mitel voip phones and XP with SP3). However if I connect a computer to the pass through port on the voip phone the computer will not authenticate but the phone does. It's almost like the switch is not paying attention to the client-limit setting.

    In that scenario XP will say that authentication failed with an event ID 15514 in the event log (that event has a reason 327685). Googling has returned very little so far on reason 327685.

    My dot1x config for the switch is setup as follows.

    gvrp
    aaa authentication port-access eap-radius
    radius-server key mysecrete
    radius-server host 10.x.y.z
    aaa port-access gvrp-vlans
    aaa port-access authenticator A1
    aaa port-access authenticator A1 unauth-vid 12
    aaa port-access authenticator A1 client-limit 3
    aaa port-access authenticator active
    aaa port-access A1

    I've also ruled out the phones from this issue. I currently have a phone with attached computer connected to a 2650 without issue.

    Anyone have any thoughts? Did I miss something simple in my config? Thanks in advance.


  • 2.  RE: 4200vl 802.1x issue with voip phones

    Posted Jan 30, 2009 05:43 PM
    Hi

    If you have the same configuration on 2600 series switch, then i guess you are right narrowing it down to the 4200.

    However, i just wanted to share few points with you.
    did you try plug the same PC to the same port ?
    are you using a different vlan for both IP Phone and PC ?
    did you consider the configuration of the Vlans tagging/untagging on the port ? or you are relying on the gvrp to advertise the Dynamic vlan assignerd by the Radius ?

    Good Luck !!!


  • 3.  RE: 4200vl 802.1x issue with voip phones

    Posted Jan 30, 2009 05:51 PM
    did you try plug the same PC to the same port ?
    Yep.

    are you using a different vlan for both IP Phone and PC ?
    Yes. The the voip traffic and the workstation traffic are seperate vlans.

    did you consider the configuration of the Vlans tagging/untagging on the port ? or you are relying on the gvrp to advertise the Dynamic vlan assignerd by the Radius ?
    I'm using GVRP with the "aaa port-access gvrp-vlans".


  • 4.  RE: 4200vl 802.1x issue with voip phones

    Posted Feb 12, 2009 12:03 AM
    Setting up Mitel phones on ProCurve use command:

    vlan XX voice


  • 5.  RE: 4200vl 802.1x issue with voip phones

    Posted Feb 12, 2009 11:02 AM
    yep I already voiced the voip vlan. I thought the voice command only turned on lldp-med?


  • 6.  RE: 4200vl 802.1x issue with voip phones

    Posted Feb 13, 2009 03:46 PM
    are there enough vlans? the out of the box threshhold is low. use
    max-vlans 256
    or whatever #

    the pass through works in my setting.



Related Content