We are deploying dot1x in a relativly large network. We are going to use PEAP-TLS machine authentication (no user auth) with mac-address bypass. How do we handle ip-phones in this scenario? Do we need to authenticate the phone with PEAP-TLS or can we use mac-address authentication for the phones? How do we handle the voice vlan on a dot1x enabled port, will the static command voice vlan xxx work on a dot1x enabled port and is this a security issue?