Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

802.1X MDA Packet Format Question

When a phone is on the voice vlan packet destined for it should have a 802.1q tag with a VLAN ID of the voice vlan.

Does the EAP packet (for the phone) have an 802.1q vlan header when using 802.1X MDA? What about re-authentication packets?

The RFC says VLAN tagging is not supported but it was not written with MDA in mind.


Re: 802.1X MDA Packet Format Question

You can add MAC address on ACS for MAB with asterix *. ---> This immediately allows you to get the IP-phones added to the

voice-VLAN. guess its not possible, that a "2-VLAN-trunk" between the ATA186 and the switch is getting build up. Exactly for all those devices MDA has been developed.

Cisco Employee

Re: 802.1X MDA Packet Format Question

EAPOL frames are not tagged. It wouldn't matter what vlan a device thinks it should be on. If the switch has not authenticated it, it wouldn't know it's a phone (yet) anyway.

EAPOL is sent to the specific MAC address of the device for ports enabled for MDA. This includes re-auth frames.

CreatePlease login to create content