I am working on a number of large campus deployments where the edge switches are 3750/3560's and the voice solution is Avaya 9600 IP Phones.
I have some beta firmware for the phones from Avaya which is able to exchange LLDP-MED messages between the 3750 I am using for testing, and the phone. The result of this is that the Phone learns the voice vlan via LLDP in the same way as a cisco phone would. Which is great because it means the phone does not need ot get this info from a data vlan first. This aspect works fine in testing.
The IP Phonne has its dot1x supplicant disabled so it will not send EAPOL messages. The hosts behind it however, are allowed to pass-through EAPOL. At the moment though I am concentrating on the phone only.
There is a requirement for dot1x on this network. The issue I have is that with dot1x enabled and using multi-domian authentication, the phone never seems to move to the voice vlan and so the switch correctly blocks the phone.
The LLDP-MED details for the phone look fine. A look at the '802.1x interface details' command shows that the phone is seen in the data domain and not the voice domain. The mac-address table shows the mac for the phone in the voice vlan as a staic entry with its 'ports' entry set to 'drop'.
So it looks to me as if the switch is recognising the phone and placing it onto the correct vlan. LLDP-MED clearly shows that the phone does know the voice vlan it should be using but the fact that the dot1x process always sees the phone on the data domain suggest the phone is not tagging its frames into the switch.
I think the switch is assigning the voice vlan to the phone correctly, but something in dot1x is preventing the phone from moving to it.
What needs to happen for the switch to see that the phone is in the MDA voice domain ?
If the phone was tagging with the voice vlan would that do it ?
Any suggestion very welcome, especially if I have misunderstood the process.