Hi, I'm trying to find a way to enable 802.1x authentication on switchports that are using non-Cisco VoIP phones. These phones don't support 802.1x themselves and need DHCP access to the Primary VLAN to learn the correct Voice VLAN ID.
I thought the problem was solved with MAC address Bypass Authentication and 802.1x in Multi-host mode (for the PC behind the VoIP phone) but this is still insecure as now any PC behind the phone can access the network.
What I really want is for the switchport to apply a L3 ACL (Per-User ACL) when the Phone authenticates (restricting access to just VoIP) and then when a 802.1x capable PC is plugged into the phone, the switchport would re-authenticate the port and apply another ACL or remove the ACL completely.
I've just read however that 802.1x Per-User ACL is disabled in multi-host mode! Is there another way around this problem?
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...