04-23-2012 06:57 AM
I am trying to do dot1x on avaya ip phones using IC4500. Configured local mac auth server and mac realm which is mentioned on locations group. On my phone as a user ID it is taking its MAC id but for password i have to give a separate on rather than mac ID becuase i am not able to mentions the password in IC & also the mac realm.
Please give you info on this.
04-23-2012 07:40 PM
While configuring IC for MAC-AUTHENTICATION, you would add only mac-address.
For successful authentication NAS should send User-Name and Password attribute with Mac-Address.
If the NAS is not sending mac-address as part of user-name and password attribute, then you must check with your NAS vendor.
04-23-2012 09:51 PM
Just adding to Raveen's response, MAC auth in most cases are configured at the switch level.
Have you configured the switch to do MAC documentation with IC ?
05-09-2012 11:57 PM
I believe this is the one!
Cisco-AVPAIR with value device-traffic-class=voice.
Note: If this answers your query, you could mark this as accepted solution, that way it might help other as well. Kudo would be a bonus!!
05-10-2012 02:15 AM
You could use standard radius attributes for dynamic VLAN assignment.
Tunnel-Private-Group-Id(81): 291 (VLAN-Id)
05-10-2012 02:54 AM
in a configuration with both IP Phone and PC are connected on the same switch port, the configuration is the folowing:
- Data VLAN is configured as Access VLAN
- Voice VLAN is tagged with 802.1Q
In 802.1X, RADIUS server can provide only VLAN number for Acces (without 802.1Q tagging)
for the Voice VLAN, you need to configure the voice VLAN on the switch port, and configure the RADIUS Server (the IC in your configuration) to send attribute : Cisco-AVPair == "device-traffic-class=voice" to use the VLAN configured as voice vlan.