Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

IC 4500, Cisco 3560 switch, Avaya IP Phone, and 802.1x

SOLVED
Go to solution
l0stb0y_
Contributor
‎06-29-2009 07:33:AM
‎06-29-2009 07:33:AM

IC 4500, Cisco 3560 switch, Avaya IP Phone, and 802.1x

We are looking at using the UAC for preventing unauthorized use of our switchports (802.1x with host checking). We have already deployed the Odyssey client to workstations for a wireless implementation. I have verified that a PC authenticates and does host checking through the Cisco switch to the UAC and then gets put on the data VLAN as it should.

The problem I am having is I need to authenticate Avaya IP phones too. I created local accounts for the phones since they use the MAC address as the username. The phone 802.1x authentication occurs on the data VLAN and is successful, but then the phone never receives DHCP for the voice VLAN. If I remove the 802.1x requirement from the switchport the phone does what it supposed to which is to boot on the data VLAN and then DHCP options move it to the voice VLAN. With 802.1x enabled it appears the phone stays on the data VLAN. Is there something I need to configure in the UAC to allow it to change VLANs?

Thanks!

Rob

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
l0stb0y_
Contributor
‎06-30-2009 06:20:AM
‎06-30-2009 06:20:AM

Re: IC 4500, Cisco 3560 switch, Avaya IP Phone, and 802.1x

I discovered my problem has nothing to do with the IC settings. When doing a packet capture of the IP phone after it authenticates you see the DHCP requests, but there are never any DHCP offers. The phone only gets a DHCP address if the Cisco switchport has authentication host-mode multi-host configured which creates a new problem for me to research elsewhere.

View solution in original post

0 Kudos
3 REPLIES 3
ManojReddy_
Contributor
‎06-29-2009 07:45:AM
‎06-29-2009 07:45:AM

Re: IC 4500, Cisco 3560 switch, Avaya IP Phone, and 802.1x

See if this helps: http://www.avaya.com/master-usa/en-us/resource/assets/applicationnotes/dot1x-cisco-96x.pdf
0 Kudos
l0stb0y_
Contributor
‎06-29-2009 08:33:AM
‎06-29-2009 08:33:AM

Re: IC 4500, Cisco 3560 switch, Avaya IP Phone, and 802.1x

Hi ManojReddy,

Thank-you for the quick response. Unfortunately, that document pertains to a Cisco device running CatOS, not IOS like we use. We are configured more similar to: http://www.avaya.com/master-usa/en-us/resource/assets/applicationnotes/802_1x_ciscomda.pdf

I wonder if there is somewhere in the IC4500 that I have to explicitly tell it that the phone can move from the data VLAN to the voice VLAN? It passes the 802.1x fine but never moves VLANs. If the port is not configured to do 802.1x against the IC, the process works fine which leads me to believe that the Cisco and Avaya configs are good.

Thanks,

Rob

0 Kudos
l0stb0y_
Contributor
‎06-30-2009 06:20:AM
‎06-30-2009 06:20:AM

Re: IC 4500, Cisco 3560 switch, Avaya IP Phone, and 802.1x

I discovered my problem has nothing to do with the IC settings. When doing a packet capture of the IP phone after it authenticates you see the DHCP requests, but there are never any DHCP offers. The phone only gets a DHCP address if the Cisco switchport has authentication host-mode multi-host configured which creates a new problem for me to research elsewhere.

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.