I am trying to do dot1x on avaya ip phones using IC4500. Configured local mac auth server and mac realm which is mentioned on locations group. On my phone as a user ID it is taking its MAC id but for password i have to give a separate on rather than mac ID becuase i am not able to mentions the password in IC & also the mac realm.
Please give you info on this.
While configuring IC for MAC-AUTHENTICATION, you would add only mac-address.
For successful authentication NAS should send User-Name and Password attribute with Mac-Address.
If the NAS is not sending mac-address as part of user-name and password attribute, then you must check with your NAS vendor.
Just adding to Raveen's response, MAC auth in most cases are configured at the switch level.
Have you configured the switch to do MAC documentation with IC ?
Thanks for your response. I am using Juniper EX4200 as a NAS device can you tell me what should i configure in the switch.
I believe this is the one!
Cisco-AVPAIR with value device-traffic-class=voice.
Note: If this answers your query, you could mark this as accepted solution, that way it might help other as well. Kudo would be a bonus!!
Cisco-AVPAIR device-traffic-class= voice - vlan id or vlan name should i put
i have got vlan-id 291 and name is voice-test..
You could use standard radius attributes for dynamic VLAN assignment.
Tunnel-Private-Group-Id(81): 291 (VLAN-Id)
in a configuration with both IP Phone and PC are connected on the same switch port, the configuration is the folowing:
- Data VLAN is configured as Access VLAN
- Voice VLAN is tagged with 802.1Q
In 802.1X, RADIUS server can provide only VLAN number for Acces (without 802.1Q tagging)
for the Voice VLAN, you need to configure the voice VLAN on the switch port, and configure the RADIUS Server (the IC in your configuration) to send attribute : Cisco-AVPair == "device-traffic-class=voice" to use the VLAN configured as voice vlan.