
802.1x Per-User ACL and Multiple Hosts

Unanswered Question

Hi, I'm trying to find a way to enable 802.1x authentication on switchports that are using non-Cisco VoIP phones. These phones don't support 802.1x themselves and need DHCP access to the Primary VLAN to learn the correct Voice VLAN ID.


I thought the problem was solved with MAC address Bypass Authentication and 802.1x in Multi-host mode (for the PC behind the VoIP phone), but this is still insecure, as now any PC behind the phone can access the network.


What I really want is for the switchport to apply an L3 ACL (Per-User ACL) when the phone authenticates (restricting access to just VoIP) and then, when an 802.1x-capable PC is plugged into the phone, the switchport would re-authenticate the port and apply another ACL or remove the ACL completely.


I've just read, however, that 802.1x Per-User ACL is disabled in multi-host mode! Is there another way around this problem?


Thank you,

irisrios Wed, 06/07/2006 - 12:11

No, it's the only way around.
