Security

 View Only

  • 1.  Mac Auth - Avaya Phone

    Posted Mar 28, 2019 02:32 PM

    Hello -

     

    I have a customer running both Cisco and Aruba switches using Clearpass for 802.1x and mac auth.  Ran into an issue with an Avaya phone not authenticating onto the network.  The mac will not show up on the address table unless I specifically untag the voice vlan on the port.  If I untag the voice vlan, the mac auth is sent to Clearpass and the tagged voice vlan is returned. I don't have this issue with any other device, but only the phones are looking for a specific vlan.  This manual configuration is uncessary on the Cisco side as it learns the mac regardless of the access vlan.

     

    Trying to find out if this is expected behavior or if I missed a mac auth setting which needs to be turned on.



  • 2.  RE: Mac Auth - Avaya Phone

    Posted Jul 30, 2019 11:01 AM

    You can send the untagged and tagged vlan in the radius enforcement.

     

    This way, a (new) booting phone that is not aware about any vlan tagging (clean config) will request dhcp/config via the untagged vlan.

     

    After it applies the config and reboots, it will use the tagged vlan.

     

    please read instruction below carefully how to program multiple vlan's. It is not really straigtforward as you need to convert the vlan id to hex value and prefix it with a number and convert it to decimal again to tell the switch to tag or untag that vlan id.

    https://community.arubanetworks.com/t5/Wired-Intelligent-Edge-Campus/Returning-multiple-tagged-VLANS-and-untagged-VLAN-from-ClearPass/ta-p/413955



Related Content