Voice VLANs and VLAN assignment via 802.1x are possible, and it works, as I have tested it recently. The access VLAN is supplied by the RADIUS server in the AV pair value 81 (Tunnel-Pvt-Group-ID). The switch must be configured for network authorisation for this to work (aaa authorization network), as well as 802.1x being configured.
Dynamic VLANs require the use of VMPS; this is different to 802.1x in that the client device has no involvement. The VMPS Server (usually a Cat5000 switch or a URT appliance) has a list of MAC-to-VLAN mappings, so when a device connects the switch sends a request to the VMPS server for the VLAN of the MAC address (this is a simplistic view of what actually happens). Again, this works independently of Voice VLANs, so your Voice VLANs will work with this feature.
I have to question why anyone would need dynamic VLANs though.......... Doesn't IP switch at wirespeed ;o)
Thanks. So the access VLAN modifies the native VLAN? I was wondering if it only worked on access ports, rather than trunk ports.
The owner of a multi-tenant building wants to use the ACS to assign users to VLANs (via MAC addresses). It is supposed to simplify switch administration. The turnover of small companies renting space is usually quite high, so the idea is that any incoming company gives over the MAC addresses of their machines, these are quickly entered into the ACS and made members of a group with a particular VLAN. It then doesn't matter which office they use, the ports will dynamically be placed into the correct VLAN. They can also then troll downstairs to the coffee bar or meeting rooms and use the copper ports and they'll be on their own VLAN straight away. Well, that's the idea.
Voice VLANs don't require trunk ports to be configured (unless you are talking about 2900XL/3500XL switches). Cisco added the ability to trunk a single 802.1q VLAN down an access port in addition to the access VLAN, so in 2950 or above the only config you need is:
switchport mode access
switchport access vlan 10
switchport voice vlan 100
This is effectively the same as:
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 10
switchport trunk allowed vlan 10,100
The only difference is the CDP message with the first config will advertise the Voice VLAN capability and the tag.
With the older 2900XL/3500XL switches you had to configure the interfaces like the second example (plus adding the command switchport voice vlan xx for CDP to inform the IP Phone of the voice vlan).
QoS is not detailed anywhere here and that obviously plays an important role with voice.
In your scenario I am not sure ACS can do what you describe, as this will require 802.1x supplicants on the client PCs (I may be wrong here and I do remember someone talking about switches being able to do an 802.1x 'proxy' using the MAC address on behalf of non-802.1x-capable devices). This seems to me more of a VMPS application.
Personally I would reconfigure the network each time and charge the occupants a small fee for network setup.....
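Added example, not part of the original thread: a Python check of the RADIUS Access-Accept attributes behind the 802.1x VLAN assignment described in the first reply. It goes beyond the thread by also requiring Tunnel-Type (64) = VLAN and Tunnel-Medium-Type (65) = 802, which RFC 3580 pairs with attribute 81; the function names and sample bytes are constructed for illustration.

```python
# RFC 2868 / RFC 3580 attribute numbers and the values used for VLAN assignment
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PVT_GROUP_ID = 64, 65, 81
TT_VLAN, TMT_IEEE_802 = 13, 6

def parse_attributes(data):
    """Split the attribute section of a RADIUS packet into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("bad attribute length")
        attrs.append((atype, data[i + 2:i + alen]))
        i += alen
    return attrs

def assigned_vlan(attr_bytes):
    """Return the VLAN name/ID an Access-Accept assigns, or None if the set is incomplete."""
    tunnels = {}  # tag -> {attribute type: value}
    for atype, value in parse_attributes(attr_bytes):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            # One tag octet followed by a 3-octet enumerated value
            tunnels.setdefault(value[0], {})[atype] = int.from_bytes(value[1:], "big")
        elif atype == TUNNEL_PVT_GROUP_ID and value:
            # The first octet is a tag only when it is <= 0x1F; otherwise it is data
            tag, body = (value[0], value[1:]) if value[0] <= 0x1F else (0, value)
            tunnels.setdefault(tag, {})[atype] = body.decode("ascii", "replace")
    for t in tunnels.values():
        if (t.get(TUNNEL_TYPE) == TT_VLAN
                and t.get(TUNNEL_MEDIUM_TYPE) == TMT_IEEE_802
                and t.get(TUNNEL_PVT_GROUP_ID)):
            return t[TUNNEL_PVT_GROUP_ID]
    return None

def attr(atype, value):
    """Encode one attribute as type, length, value (helper for the samples)."""
    return bytes([atype, len(value) + 2]) + value

# Constructed sample replies (attribute section only, not captured traffic)
COMPLETE = attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06") + attr(81, b"10")
MISSING_MEDIUM = attr(64, b"\x00\x00\x00\x0d") + attr(81, b"10")
TAGGED = (attr(64, b"\x01\x00\x00\x0d") + attr(65, b"\x01\x00\x00\x06")
          + attr(81, b"\x01TENANT-A"))

if __name__ == "__main__":
    for name, sample in [("complete", COMPLETE), ("missing 65", MISSING_MEDIUM),
                         ("tagged", TAGGED)]:
        print(name, "->", assigned_vlan(sample))
```

A `None` result for a reply that does carry attribute 81 points at the RADIUS server profile rather than the switch port configuration.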