09-04-2008 10:08 AM - edited 03-06-2019 01:11 AM
Hi,
I am attempting to configure 802.1x on a switch port (PC + IP phone) with this configuration:
int fa x
switchport mode access
switchport voice vlan y
dot1x control auto
shut
no shut
However, my PC behind the IP phone doesn't work. I would like to know if it's possible to run it and what the requirements are.
Sincerely
Joseph
09-04-2008 10:00 PM
Hi Joseph,
What kind of switch are you using?
My config: (for a 3750E)
interface GigabitEthernet1/0/3
description 007-5217 Plath
switchport access vlan 5
switchport mode access
switchport voice vlan 229
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
macro description cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AutoQoS-Police-CiscoPhone
Hope it helps a bit ;-)
Best regards
Willem
09-04-2008 11:37 PM
Hello Joseph,
What model of switch are you using and what IOS release is running?
I made a search in CCO and I've found that it should work this way at least for C4500:
see
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/dot1x.html
Using 802.1X with Voice VLAN Ports
A voice VLAN port is a special access port associated with two VLAN identifiers:
• Voice VLAN ID (VVID) to carry voice traffic to and from the IP phone. The VVID is used to configure the IP phone connected to the port.
• Port VLAN ID (PVID) to carry the data traffic to and from the workstation connected to the switch through the IP phone. The PVID is the native VLAN of the port.
Each port that you configure for a voice VLAN is associated with a VVID and a PVID. This configuration allows voice traffic and data traffic to be separated onto different VLANs.
A voice VLAN port becomes active when there is a link whether or not the port is AUTHORIZED or UNAUTHORIZED. All traffic coming through the voice VLAN is learned correctly and appears in the MAC-address-table. Cisco IP phones do not relay CDP messages from other devices. As a result, if several Cisco IP phones are connected in series, the switch recognizes only the one directly connected to it. When 802.1X is enabled on a voice VLAN port, the switch drops packets from unrecognized Cisco IP phones more than one hop away.
When 802.1X is enabled on a port, you cannot configure a PVID that is equal to a VVID. For more information about voice VLANs, see Chapter 31, "Configuring Voice Interfaces."
In your case the data vlan is vlan 1, so check if you have DHCP services in vlan 1.
Note2: verify if the phone is able to register with CallManager.
I've seen stuck phones that were not allowing PC traffic through if not able to register or in the middle of a firmware upgrade.
Verify if the PC port is enabled on the phone; there is a chance that someone has disabled the PC port.
Hope to help
Giuseppe
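The checks raised in this thread (802.1X actually enabled on the voice VLAN port, PVID different from VVID, data VLAN falling back to VLAN 1 when no access VLAN is set) can be run over a pasted interface configuration. This is an added example, not code from any of the posters; the function name `audit_interfaces` is hypothetical and the sample configuration is constructed.

```python
import re

# Constructed sample config (interface names and VLAN numbers are made up).
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport voice vlan 20
 dot1x port-control auto
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
 switchport voice vlan 20
 dot1x port-control auto
!
interface FastEthernet0/3
 switchport access vlan 5
 switchport mode access
 switchport voice vlan 229
"""

def audit_interfaces(config):
    """Return {interface: [findings]} for every port that has a voice VLAN."""
    stanzas, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.lower().startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif current is not None and line:
            current.append(line.lower())
    report = {}
    for name, lines in stanzas.items():
        body = "\n".join(lines)
        voice = re.search(r"^switchport voice vlan (\d+)$", body, re.M)
        if not voice:
            continue  # only voice VLAN ports are in scope
        access = re.search(r"^switchport access vlan (\d+)$", body, re.M)
        pvid = int(access.group(1)) if access else 1  # no access VLAN line: VLAN 1
        findings = []
        # Accept both the older and the newer IOS form of the command.
        if not re.search(r"^(dot1x|authentication) port-control auto$", body, re.M):
            findings.append("802.1X not enabled")
        if pvid == int(voice.group(1)):
            findings.append(f"PVID equals VVID ({pvid})")
        if access is None:
            findings.append("data VLAN defaults to 1, check DHCP there")
        report[name] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_interfaces(SAMPLE).items():
        print(port, findings or "ok")
```

An empty findings list means the port passed these three checks only; phone registration and the phone's PC port setting still have to be verified on the phone itself.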