Cisco Support Community
Community Member

802.1x Per-User ACL and Multiple Hosts

Hi, I'm trying to find a way to enable 802.1x authentication on switchports that are using non-Cisco VoIP phones. These phones don't support 802.1x themselves and need DHCP access to the Primary VLAN to learn the correct Voice VLAN ID.

I thought the problem was solved with MAC address Bypass Authentication and 802.1x in Multi-host mode (for the PC behind the VoIP phone) but this is still insecure as now any PC behind the phone can access the network.

What I really want is for the switchport to apply an L3 ACL (Per-User ACL) when the Phone authenticates (restricting access to just VoIP) and then, when an 802.1x-capable PC is plugged into the phone, the switchport would re-authenticate the port and apply another ACL or remove the ACL completely.

I've just read however that 802.1x Per-User ACL is disabled in multi-host mode! Is there another way around this problem?

Thank you,

1 REPLY
Silver

Re: 802.1x Per-User ACL and Multiple Hosts

No, it's the only way around.
