Identity and Policy Control
Reply
Visitor
yuvarajR
Posts: 8
Registered: ‎04-09-2012
0

802.1x for avaya IP phones

Hi,

 

   I am trying to do dot1x on avaya ip phones using IC4500. Configured local mac auth server and mac realm which is mentioned on locations group. On my phone as a user ID it is taking its MAC id but for password i have to give a separate on rather than mac ID becuase i am not able to mentions the password in IC & also the mac realm. 

 

   Please give you info on this.

Recognized Expert
Raveen
Posts: 404
Registered: ‎04-15-2010
0

Re: 802.1x for avaya IP phones

Hi,

 

While configuring IC for MAC-AUTHENTICATION, you would add only mac-address.

For successful authentication NAS should send User-Name and Password attribute with Mac-Address.

 

If the NAS is not sending mac-address as part of user-name and password attribute, then you must check with your NAS vendor.

 

Regards,

Raveen

Note: If this answers your question, you could mark this post as accepted solution, that way it helps others as well. Kudos will be cool if I earned it!
Super Contributor
apaul
Posts: 151
Registered: ‎11-06-2009
0

Re: 802.1x for avaya IP phones

Just adding to Raveen's response, MAC auth in most cases are configured at the switch level.

Have you configured the switch to do MAC documentation with IC ?

 

Thanks

 

Ashish Paul
Visitor
yuvarajR
Posts: 8
Registered: ‎04-09-2012
0

Re: 802.1x for avaya IP phones

Hi,

 

 Thanks for your response. I am using Juniper EX4200 as a NAS device can you tell me what should i configure in the switch.

 

regards,

Yuvaraj

Super Contributor
apaul
Posts: 151
Registered: ‎11-06-2009
0

Re: 802.1x for avaya IP phones

Contributor
milind.mistry@essar.com
Posts: 53
Registered: ‎12-24-2010
0

Re: 802.1x for avaya IP phones

Does anyone having an idea which return attribute we need to use for Cisco 2960 for voice vlan feature ?

Recognized Expert
Raveen
Posts: 404
Registered: ‎04-15-2010
0

Re: 802.1x for avaya IP phones

Hi

 

I believe this is the one!

 

Cisco-AVPAIR with value device-traffic-class=voice.

 

Regards,

Raveen

 

Note: If this answers your query, you could mark this as accepted solution, that way it might help other as well. Kudo would be a bonus!!

Note: If this answers your question, you could mark this post as accepted solution, that way it helps others as well. Kudos will be cool if I earned it!
Contributor
milind.mistry@essar.com
Posts: 53
Registered: ‎12-24-2010
0

Re: 802.1x for avaya IP phones

Cisco-AVPAIR device-traffic-class= voice - vlan id or vlan name should i put

 

i have got vlan-id 291 and name is voice-test..

Recognized Expert
Raveen
Posts: 404
Registered: ‎04-15-2010
0

Re: 802.1x for avaya IP phones

You could use standard radius attributes for dynamic VLAN assignment.

 

Tunnel-Medium-Type(65): 802

Tunnel-Private-Group-Id(81): 291 (VLAN-Id)

Tunnel-Type(64): VLAN

 

Regards,

Raveen

Note: If this answers your question, you could mark this post as accepted solution, that way it helps others as well. Kudos will be cool if I earned it!
Contributor
Stanislas P
Posts: 35
Registered: ‎10-18-2010
0

Re: 802.1x for avaya IP phones

Hi,

 

in a configuration with both IP Phone and PC are connected on the same switch port, the configuration is the folowing:

- Data VLAN is configured as Access VLAN

- Voice VLAN is tagged with 802.1Q

 

In 802.1X, RADIUS server can provide only VLAN number for Acces (without 802.1Q tagging)

for the Voice VLAN, you need to configure the voice VLAN on the switch port, and configure the RADIUS Server (the IC in your configuration) to send attribute : Cisco-AVPair == "device-traffic-class=voice" to use the VLAN configured as voice vlan.

 

http://www.avaya.com/master-usa/en-us/resource/assets/applicationnotes/802_1x_ciscomda.pdf

 

Stanislas

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.