I am trying to get 802.1x fully working in our LAN. I get it working in lab test for all the PC,but we using IP phones which are not cisco and do not support 802.1x Authentication. I wanted to using MAC bypass for these phone;however, it seems the 2950T with EI image does not have mab and pae commands under in the terface command! I did upgrade the IOS from c2950-i6q4l2-mz.121-22.EA6.bin to c2950-i6q4l2-mz.121-22.EA12.bin with no LUCK!
And I want to deny access to switch port behind these phones as I already have two cable drop for each office and cubicle. The only way that i can block these ports is to use port-security and hardcoded the MAC of each phone and set the mac-max=1. To reduce IT intervention, I don't want to go down this road. Is there a way to acomplish that?