I have configured 802.1x and voice vlan ,guest vlan on my switch ,but guest user can not enter guest vlan ,it always prompt "dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable. Supplicant disabled and EAPOL seen on port FastEthernet0/21."
switchport access vlan 201
switchport mode access
switchport voice vlan 1
dot1x pae authenticator
dot1x port-control auto
dot1x max-req 1
dot1x max-reauth-req 1
dot1x guest-vlan 202
dot1x auth-fail vlan 202
if I enable "dot1x host-mode multi-host" ,my 802.1x user can not be authorized ,it prompt "1d00h: dot1x-ev:dot1x_guest_vlan_modify_host_mode: Guest VLAN feature overriding host_mode on port FastEthernet0/21, forcing to DOT1X_MULTI_HOST"
Re: how to support 802.1x guest vlan behind ip phone?
I recently got the answer for this on this forum. you need to have following global config command in your switch.
"dot1x guest-vlan supplicant"
Because the switch received EAPOL-Start from the PC it won't get the guest vlan. However, because the PC doesn't have the Cert it won't reply to EAPOL-Id-Request from the switch. So as this not realy a Auth-fail the PC won't even get a Auth-fail vlan.
The above command should allow the switch to put the port in Guest VLAN.
You have reached the Cisco Logistics Support Center.. To Check Status of
your RMA, visit Product Returns & Replacements (RMA). Need help? Contact
us by Phone or Email. North Americas Phone: 1800 553 2447 Option 4
Email: firstname.lastname@example.org Europe Phone: +3...
The short answer is that you don't.... That isn't entirely true while at
the same time it kind of is, but for the most part you don't configure
the softkeys. You enable or disable them via TCL. Here is the long
answer. Be sure to read the whole thing or e...
Topology: IP Phone > Switches > Microsoft NPS setup to forward 802.1x
proxy to > ISE 2.1 patch 3 Authentication: EAP-TLS using Cisco MIC SANs
Phone Models 802.1X support? 802.1x flavor Addtl Comment EAP-MD5 EAP-TLS
Cisco 3905 Y Y N Cisco 6911 Y Y N Cisco ...