Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

how to support 802.1x guest vlan behind ip phone?

I have configured 802.1x and voice vlan ,guest vlan on my switch ,but guest user can not enter guest vlan ,it always prompt "dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not applicable. Supplicant disabled and EAPOL seen on port FastEthernet0/21."

interface FastEthernet0/20

switchport access vlan 201

switchport mode access

switchport voice vlan 1

dot1x pae authenticator

dot1x port-control auto

dot1x max-req 1

dot1x max-reauth-req 1

dot1x reauthentication

dot1x guest-vlan 202

dot1x auth-fail vlan 202

spanning-tree portfast

if I enable "dot1x host-mode multi-host" ,my 802.1x user can not be authorized ,it prompt "1d00h: dot1x-ev:dot1x_guest_vlan_modify_host_mode: Guest VLAN feature overriding host_mode on port FastEthernet0/21, forcing to DOT1X_MULTI_HOST"

interface FastEthernet0/21

switchport access vlan 201

switchport mode access

switchport voice vlan 1

dot1x pae authenticator

dot1x port-control auto

dot1x host-mode multi-host

dot1x max-req 1

dot1x max-reauth-req 1

dot1x reauthentication

dot1x guest-vlan 202

dot1x auth-fail vlan 202

spanning-tree portfast

end

Anyone have some advise ?

1 REPLY
New Member

Re: how to support 802.1x guest vlan behind ip phone?

I recently got the answer for this on this forum. you need to have following global config command in your switch.

"dot1x guest-vlan supplicant"

Because the switch received EAPOL-Start from the PC it won't get the guest vlan. However, because the PC doesn't have the Cert it won't reply to EAPOL-Id-Request from the switch. So as this not realy a Auth-fail the PC won't even get a Auth-fail vlan.

The above command should allow the switch to put the port in Guest VLAN.

Anand

403
Views
0
Helpful
1
Replies
CreatePlease to create content