Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
463
Views
0
Helpful
1
Replies

802.1x Per-User ACL and Multiple Hosts

richardwatson
Level 1
Level 1

‎06-01-2006 03:18 PM - edited ‎03-03-2019 03:28 AM

Hi, I'm trying to find a way to enable 802.1x authentication on switchports that are using non-Cisco VoIP phones. These phones don't support 802.1x themselves and need DHCP access to the Primary VLAN to learn the correct Voice VLAN ID.

I thought the problem was solved with MAC address Bypass Authentication and 802.1x in Multi-host mode (for the PC behind the VoIP phone) but this is still insecure as now any PC behind the phone can access the network.

What I really want is for the switchport to apply a L3 ACL (Per-User ACL) when the Phone authenticates (restricting access to just VoIP) and then when a 802.1x capable PC is plugged into the phone, the switchport would re-authenticate the port and apply another ACL or remove the ACL completely.

I've just read however that 802.1x Per-User ACL is disabled in multi-host mode! Is there another way around this problem?

Thank you,

Labels:
0 Helpful
1 Reply 1

irisrios
Level 6
Level 6

‎06-07-2006 12:11 PM

No, It's the only way around.

0 Helpful
Customers Also Viewed These Support Documents