s2500 running 7.2.2.1
Avaya 1616d01a phone
Below are the profiles that don't work when the port is set to untrusted. Let me know what else you want to see.
interface gigabitethernet "0/0/1"
lldp-profile "lldp-factory-initial"
aaa-profile "phone_client"
switching-profile "VLAN 50"
no trusted port
___________________________________________________________________________________
LLDP Profile "lldp-factory-initial"
-----------------------------------
Parameter Value
--------- -----
LLDP pdu transmit Enabled
LLDP protocol receive processing Enabled
LLDP transmit interval (Secs) 30
LLDP transmit hold multiplier 4
LLDP fast transmit interval (Secs) 1
LLDP fast transmit counter 4
LLDP-MED protocol Enabled
Control proprietary neighbor discovery Disabled
___________________________________________________________________________________
AAA Profile "phone_client"
--------------------------
Parameter Value
--------- -----
Initial role logon
MAC Authentication Profile N/A
MAC Authentication Default Role guest
MAC Authentication Server Group default
802.1X Authentication Profile N/A
802.1X Authentication Default Role guest
802.1X Authentication Server Group N/A
Download Role from ClearPass Enabled
L2 Authentication Fail Through Disabled
RADIUS Accounting Server Group N/A
RADIUS Interim Accounting Disabled
XML API server N/A
AAA unreachable role N/A
RFC 3576 server N/A
User derivation rules phoneudr
SIP authentication role N/A
Enforce DHCP Disabled
Authentication Failure Blacklist Time 3600 sec
___________________________________________________________________________________
(IDF 3 - Aruba Stack) #show aaa derivation-rules user phoneudr
User Rule Table
---------------
Priority Attribute Operation Operand Action Value Total Hits New Hits Description
-------- --------- --------- ------- ------ ----- ---------- -------- -----------
1 device-type equals phone set role phonerole 0 0
Rule Entries: 1
___________________________________________________________________________________
user-role phonerole
voip-profile "DASD-Secondary-VOIP"
access-list stateless allowall-stateless
___________________________________________________________________________________
VoIP profile "DASD-Secondary-VOIP"
----------------------------------
Parameter Value
--------- -----
VoIP VLAN 85
DSCP 0
802.1p 0
VoIP Mode static