I'm having an issue configuring a Pulse Access control.
What I'm aiming for:
An IP phone (802.1X disabled) is connected to a EX switch, MAC authenticated and assigned to VLAN 600.
A PC (Odyssey client) connects to the PC port on the phone, the IC authenticates using 802.1X and assigns to vlan 400.
What I have:
I created a MAC Address Realm and linked to a MAC Phone role and Auth Server. IP Phone can login correctly,
I also created a Local Authentication Server containing a user.
I have 2 different location groups each to a different Radius Client (same IP though) a single sing-in policy for users (802.1X) and a User Realm linked to his User Role.
When I plug the PC to a 802.1X enabled port, the IC tries to authenticate it trough the MAC Location Group.
How can I make the IC differentiate between MAC and 802.1X authentication clients?
IC does not allow you to add two differnet radius client entry for the same IP-address.
I am surprised that you are able to configure it!
You need not have two location group for your use case.
You can have once location group and add both MAC auth realm and sign-in URL to it.
Thanks for your reply.
Yes, I was able to create 2 different radius clients with the same ip address.
Also, I noticed that the problem was my ip phone(NEC)...
It didn't have EAPoL enabled.
Right after enabling it the solution was working just fine.