Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

802.1x for avaya IP phones

yuvarajR_
Occasional Contributor
‎04-23-2012 06:57:AM
‎04-23-2012 06:57:AM

802.1x for avaya IP phones

Hi,

I am trying to do dot1x on avaya ip phones using IC4500. Configured local mac auth server and mac realm which is mentioned on locations group. On my phone as a user ID it is taking its MAC id but for password i have to give a separate on rather than mac ID becuase i am not able to mentions the password in IC & also the mac realm.

Please give you info on this.

0 Kudos
9 REPLIES 9
Raveen_
Regular Contributor
‎04-23-2012 07:40:PM
‎04-23-2012 07:40:PM

Re: 802.1x for avaya IP phones

Hi,

While configuring IC for MAC-AUTHENTICATION, you would add only mac-address.

For successful authentication NAS should send User-Name and Password attribute with Mac-Address.

If the NAS is not sending mac-address as part of user-name and password attribute, then you must check with your NAS vendor.

Regards,

Raveen

0 Kudos
apaul_
Regular Contributor
‎04-23-2012 09:51:PM
‎04-23-2012 09:51:PM

Re: 802.1x for avaya IP phones

Just adding to Raveen's response, MAC auth in most cases are configured at the switch level.

Have you configured the switch to do MAC documentation with IC ?

Thanks

0 Kudos
yuvarajR_
Occasional Contributor
‎04-23-2012 10:54:PM
‎04-23-2012 10:54:PM

Re: 802.1x for avaya IP phones

Hi,

Thanks for your response. I am using Juniper EX4200 as a NAS device can you tell me what should i configure in the switch.

regards,

Yuvaraj

0 Kudos
apaul_
Regular Contributor
‎04-23-2012 11:13:PM
‎04-23-2012 11:13:PM

Re: 802.1x for avaya IP phones

This should help

http://www.juniper.net/techpubs/en_US/junos11.1/topics/example/authentication-mac-radius-ex-series.h...

0 Kudos
milind.mistry_
New Contributor
‎05-09-2012 11:05:PM
‎05-09-2012 11:05:PM

Re: 802.1x for avaya IP phones

Does anyone having an idea which return attribute we need to use for Cisco 2960 for voice vlan feature ?

0 Kudos
Raveen_
Regular Contributor
‎05-09-2012 11:57:PM
‎05-09-2012 11:57:PM

Re: 802.1x for avaya IP phones

Hi

I believe this is the one!

Cisco-AVPAIR with value device-traffic-class=voice.

Regards,

Raveen

Note: If this answers your query, you could mark this as accepted solution, that way it might help other as well. Kudo would be a bonus!!

0 Kudos
milind.mistry_
New Contributor
‎05-10-2012 12:27:AM
‎05-10-2012 12:27:AM

Re: 802.1x for avaya IP phones

Cisco-AVPAIR device-traffic-class= voice - vlan id or vlan name should i put

i have got vlan-id 291 and name is voice-test..

0 Kudos
Raveen_
Regular Contributor
‎05-10-2012 02:15:AM
‎05-10-2012 02:15:AM

Re: 802.1x for avaya IP phones

You could use standard radius attributes for dynamic VLAN assignment.

Tunnel-Medium-Type(65): 802

Tunnel-Private-Group-Id(81): 291 (VLAN-Id)

Tunnel-Type(64): VLAN

Regards,

Raveen

0 Kudos
Stanislas P_
Contributor
‎05-10-2012 02:54:AM
‎05-10-2012 02:54:AM

Re: 802.1x for avaya IP phones

Hi,

in a configuration with both IP Phone and PC are connected on the same switch port, the configuration is the folowing:

- Data VLAN is configured as Access VLAN

- Voice VLAN is tagged with 802.1Q

In 802.1X, RADIUS server can provide only VLAN number for Acces (without 802.1Q tagging)

for the Voice VLAN, you need to configure the voice VLAN on the switch port, and configure the RADIUS Server (the IC in your configuration) to send attribute : Cisco-AVPair == "device-traffic-class=voice" to use the VLAN configured as voice vlan.

http://www.avaya.com/master-usa/en-us/resource/assets/applicationnotes/802_1x_ciscomda.pdf

Stanislas

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.