
Using 802.1x with trunking VOIP trunked access ports

Jeff.sadowski
Level 1

I am currently researching 802.1x port authentication. Our current access layer switches are 3750 with PoE. The ports are currently configured with 802.1q trunking (a voice and data vlan) and QOS enabled. IOS level of 12.1.19. When setting up 802.1x on a port, it is requiring the port to be set to switchport mode access, removing the trunking and QOS settings. Is there a way to have 802.1q and 802.1x configured together and maintain QOS for voice on a 3750 PoE switch?

3 Replies

jafrazie
Cisco Employee

What type of phones do you have?

Here's a working example from a 3750:

interface GigabitEthernet1/0/2
 switchport access vlan 31
 switchport mode access
 switchport voice vlan 32
 load-interval 30
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 queue-set 2
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 dot1x pae authenticator
 dot1x port-control auto
 spanning-tree portfast
 spanning-tree bpduguard enable

We have several models of the Cisco phone (mostly the 7960) and are also using Tandberg video screens too.

I have one more question. If you are using multiple VLANs with 802.1x to allow different areas of a company access into the network (example: an 802.1x VLAN for internal employees, a VLAN for contractors, a VLAN for vendors and a VLAN for clients), how will that be done with this port configuration? I am assuming that removing switchport access vlan 31 would then allow 802.1x to assign a VLAN for the port used for data communication.

Not exactly. You could allow RADIUS to perform VLAN Assignment for 802.1X on the prior port config just fine. You don't need to remove VLAN31. After all, if you "removed" it, you'd really just be setting it to "1" instead of "31" ;-). VLAN31 in the prior config would be the PVID for anything that would plug in and NOT be assigned a VLAN from RADIUS. Technically, you could still assign it 31 as well .. or any other VLAN. Chances could be this port config already exists in your environment too (just minus the 1X part).

Hope this helps,
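A simplified model of the behaviour described in the reply above, as an added example that is not part of the thread and not Cisco's code: it parses the RADIUS tunnel attributes used for 802.1X VLAN assignment (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID, per RFC 3580) and falls back to the port's configured access VLAN when no assignment is present. Function names and sample values are hypothetical, and treating an incomplete attribute set as "no assignment" is a modelling assumption, not documented switch behaviour.

```python
import struct

# RADIUS attribute numbers and the values RFC 3580 uses for VLAN assignment.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute: type, length (header included), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def vlan_attrs(vlan: str, tag: int = 0) -> bytes:
    """Build the three tunnel attributes that assign `vlan` (constructed sample)."""
    t = bytes([tag])
    return (attr(TUNNEL_TYPE, t + VLAN.to_bytes(3, "big"))
            + attr(TUNNEL_MEDIUM_TYPE, t + IEEE_802.to_bytes(3, "big"))
            + attr(TUNNEL_PRIVATE_GROUP_ID, (t if tag else b"") + vlan.encode()))


def parse_attrs(data: bytes) -> dict:
    """Walk the attribute TLVs, rejecting truncated or impossible lengths."""
    out, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        length = data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        out[data[i]] = data[i + 2:i + length]
        i += length
    return out


def effective_data_vlan(accept_attrs: bytes, port_access_vlan: str) -> str:
    """Return the RADIUS-assigned VLAN if complete, else the port's access VLAN."""
    a = parse_attrs(accept_attrs)
    ttype, medium = a.get(TUNNEL_TYPE, b""), a.get(TUNNEL_MEDIUM_TYPE, b"")
    group = a.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    complete = (len(ttype) == 4 and int.from_bytes(ttype[1:], "big") == VLAN
                and len(medium) == 4 and int.from_bytes(medium[1:], "big") == IEEE_802)
    if group and group[0] <= 0x1F:  # optional leading tag byte (RFC 2868)
        group = group[1:]
    # Model assumption: an incomplete set counts as "no VLAN assigned".
    if not (complete and group):
        return port_access_vlan
    return group.decode()
```

With the port config from the thread, `effective_data_vlan(vlan_attrs("40"), "31")` yields the RADIUS-assigned VLAN, while an Access-Accept with no tunnel attributes leaves the data device in VLAN 31.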