In all host mode scenarios only one device is allowed on the voice domain; it is usually the first device that is authorized. So when using 802.1x it is best to connect a small switch, i.e. a Cisco 8-port 2960, and run NEAT if the infrastructure supports it. If not, then set the port that needs multiple phones connected as a trunk port and run 802.1x on the smaller switch.
This, in my opinion, is a security measure where only one voice device can be authorized, since QoS prioritizes traffic on the voice VLAN, so connecting multiple phones on one port isn't ideal in most scenarios. You can also set the access VLAN for that port to the voice VLAN and build your authorization policy so that if any request that comes through that port and switch is profiled as a phone, it does not get the voice domain permission. This is a roundabout way, but that is what ISE allows you to do; you can create policies however you wish.
I am not a voice engineer, but I know ISE can assign QoS for wireless using the Airespace attributes. I didn't know you can dynamically assign QoS policies at the switch port level; usually at the port level that is done locally on the switch, and you can assign markings based on the configuration locally on the switch and the VLAN, along with class-maps and policy-maps on the Layer 3 interface for the voice VLAN.
I am trying to understand your implementation and not questioning your knowledge, as I have not had much design on the voice side outside of 802.1x.