From: austin okojie (aiokojie@yahoo.com)
Date: Tue Sep 02 2008 - 15:28:02 ART
Hi All,
Thanks for your contribution.
Something else I failed to mention is
we are looking to dynamically assign the port to an access VLAN once the User
authenticates based on configured radius attributes in CSACS, Data VLANS will
not be manually configured on the ports.
Any help would be useful.
-----
Original Message ----
From: Ajith Nair <kuttappan@gmail.com>
To: austin okojie
<aiokojie@yahoo.com>
Sent: Tuesday, 2 September, 2008 14:03:07
Subject: Re:
802.1x authentication and IP-Phones
Easiest method is to use voice VLAN
feature and attach all phones
to a seperate VLAN fro voice. Once the phone is
attached to voice
VLAN i believe it will bypass 802.1x (not sure 100%). The PC
behind
the phone will
still be attached to the main VLAN subject to the 802.1x
authetnication.
Some of the switch platforms also have the ability to bypass
Cisco IP
phones from 802.1x.
many of the new cisco phone models have 802.1x
supplicant built in
-K
On Tue, Sep 2, 2008 at 8:24 AM, austin okojie
<aiokojie@yahoo.com> wrote:
> Hi All,
> B
> We are planning an enterprise
implementation of 802.1x
> authentication on our IP-Telephony network.
Basically we run Cisco IP phones
> on our network with desktops connected to
the phones. We are concerned about
> implementing 802.1x authentication on
these switchports as the PCs are not
> directly connected, I have heards about
a solution of using CDP to bypass the
> problem or using SNMP for out-of-bound
authentication of the phones.
> B
> I was
> wondring if anyone good point me
to configuration examples or any Cisco docs
> that show how to implement this.
> B
> Any help is much appreciated.
>
> Send
> instant messages to your online
friends http://uk.messenger.yahoo.com
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:17 ART