Hi, How does lldp-med work/interact with 802.1x ? I was under the impression that whe a port configured in multi suplicant mode phones would also be required to be authenticated over 802.1x. This doesn't seem to be the case, look like when I connect a phone lldp-med push configuration to phone and it phone come online event though that that 802.1x hasn't been enable on the phone. Am I missing somehting? My configuration look as follow..
Yes supplicant multiple is supposed to authenticate every user, however is the phone sitting in guest VLAN? As you have the guest-vlan setup same as authenticated dot1x user, you might not be seeing a difference. Please check the following:
show dot1x interface ge-0/0/8.0 detail
show ethernet-switching interfaces ge-0/0/8
Please double check the configuration matches the required:
This behavior seems to be expected to me as per the following statement
If the IP address isn't configured on the Avaya IP phone, the phone exchanges LLDP-MED information to get the VLAN ID for the voice VLAN. You must configure the voip statement on the interface to designate the interface as a VoIP interface and allow the switch to forward the VLAN name and VLAN ID for the voice VLAN to the IP telephone. The IP telephone then uses the voice VLAN (that is, it references the voice VLAN’s ID) to send a DHCP discover request and exchange information with the DHCP server (voice gateway).
Yeah I have seen that,however to me that doesn't make any sense! isns't against security to permit a non 802.1x phone to be able to exchange LLDP-MED and get vlan information and be able to grab an IP. Anyhow, I guess I'll try to open a ticket with support and see if i miss something or that really expected.