Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1162
Views
0
Helpful
2
Replies

802.1x on a port switch with PC and Ip Phone

joseph-mayo-botele
Level 1
Level 1

‎09-04-2008 10:08 AM - edited ‎03-06-2019 01:11 AM

Hi,

I attempt to configure 802.1x on a port switch (pcv + ip phone) with this configuration :

int fa x

switchport mode access

switchport voice vlan y

dot1x control auto

shut

no shut

However my pc behind the back of ip phone doesn't work. I would to know if it's possible to run it and what's the requirement to execute.

Sincerely

Joseph

Labels:
0 Helpful
2 Replies 2

Willem de Groot
Level 1
Level 1

‎09-04-2008 10:00 PM

Hi Joseph,

What kind of switch are you using?

My config: (for a 3750E)

interface GigabitEthernet1/0/3

description 007-5217 Plath

switchport access vlan 5

switchport mode access

switchport voice vlan 229

switchport port-security maximum 2

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 10 10 60 20

queue-set 2

priority-queue out

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

macro description cisco-phone

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input AutoQoS-Police-CiscoPhone

Hope it helps a bit ;-)

Best regards

Willem

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎09-04-2008 11:37 PM

Hello Joseph,

what model of switch are you using and what IOS release is running ?

I made a search in CCO and I've found that it should work this way at least for C4500:

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/dot1x.html

Using 802.1X with Voice VLAN Ports

A voice VLAN port is a special access port associated with two VLAN identifiers:

•Voice VLAN ID (VVID) to carry voice traffic to and from the IP phone. The VVID is used to configure the IP phone connected to the port.

•Port VLAN ID (PVID) to carry the data traffic to and from the workstation connected to the switch through the IP phone. The PVID is the native VLAN of the port.

Each port that you configure for a voice VLAN is associated with a VVID and a PVID. This configuration allows voice traffic and data traffic to be separated onto different VLANs.

A voice VLAN port becomes active when there is a link whether or not the port is AUTHORIZED or UNAUTHORIZED. All traffic coming through the voice VLAN is learned correctly and appears in the MAC-address-table. Cisco IP phones do not relay CDP messages from other devices. As a result, if several Cisco IP phones are connected in series, the switch recognizes only the one directly connected to it. When 802.1X is enabled on a voice VLAN port, the switch drops packets from unrecognized Cisco IP phones more than one hop away.

When 802.1X is enabled on a port, you cannot configure a PVID that is equal to a VVID. For more information about voice VLANs, see Chapter 31, "Configuring Voice Interfaces."

In your case the data vlan is vlan 1, so check if you have DHCP services in vlan 1.

Note2: verify if the phone is able to register with CallManager.

I've seen phones stucked that were not allowing PC traffic through if not able to register on in the middle of firmware upgrade.

Verify if the PC port is enabled on the phone there is a chance that someone has disabled the PC port.

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card