I've got a unique setup I'm trying to get set up with regards to 802.1x and have ran into some issues. I've got Avaya phones that I need to authenticate onto the voice vlan that they are getting via LLDP. But I'm only using 802.1x to keep things off the voice VLAN which is in a VRF. The PCs that will either be connected to the back of the phone or plugged directly into the switch cannot be configured for 802.1x as these PCs are not owned by the department.
My idea was to run multi-domain as seems to be the suggestion for phone deployments and then put anything that fails authentication into the Data VLAN (30) using guest-vlan as well as authorizing them to Vlan 30 when authentication fails. It seems like authentication fail Vlan and guest Vlan cannot be used in multi-domain mode though, so I'm out of ideas and the port is not working properly. Here is my current config that is not working as it's not putting the PC into Vlan 30 when authentication fails. Vlan 40 is the voice Vlan. Vlan 30 is the data Vlan.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...