07-03-2016 01:47 AM
I have a steup where there are PCs connected to network through IP phones.
What is the optimal design to authenticate both;
Authenticate IP phones through MAC auth and authenticate the PC through 802.1x and MAC auth,
So that the switch port will not open if one (Phone or PC) failed the authentication.
Solved! Go to Solution.
07-03-2016 04:08 AM
What you can do, depends on the phone, the switch and what radius server you have authenticating them..
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
07-04-2016 06:01 AM
As cjoseph already said, it raly depends on your equipement what is possible.
Most switches support session based authentication which means you ould do dot1x for both devices. Authentication success (or faillure) for 1 device doesn't matter/influence the authentications of other devices on the same port.
So the best would be session based with both devices doing dot1x, although I've often seen dot1x for the PC and mac for the phone.
Most important is the requirement for session based as opposed to port based authentication.
-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.