Wired Intelligent Edge

last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

SW 2930F Colorless Ports configure Trunk

This thread has been viewed 4 times

  • 1.  SW 2930F Colorless Ports configure Trunk

    Posted Sep 13, 2018 07:53 PM

    Hi, I just deliver a PoC to a Client to show colorless ports functionality through 802.1X authentication.  The PoC was configured with Aruba 2930F Switch 24 Ports PoE+ with WC.16.05.0007 OS, and clearpass version 6.7.0.101814 and it's working very well.

     

    Recently my client ask me if this functionality will work for a VoIP Cisco Telephone. The Phone connects direct to a SW port, and user's workstation conected to Phone via ethernet. So they need the SW port configured as a trunk with both vlans, (Data and VoIP)  The Phone supports 802.1X auth. and have the phone identified with profiling.

     

    I need to configure the SW port as trunk when Phone authenticates to wired network.

     

    The answer is if this requierement it's supported in Clearpass and/or SW and how can I configure if it's supported?

     

    Thanks

     

     



  • 2.  RE: SW 2930F Colorless Ports configure Trunk

    EMPLOYEE
    Posted Sep 13, 2018 08:27 PM
    Did you follow the ClearPass Solution Guide for Wired Policy Enforcement?


  • 3.  RE: SW 2930F Colorless Ports configure Trunk

    Posted Sep 13, 2018 08:41 PM


  • 4.  RE: SW 2930F Colorless Ports configure Trunk

    MVP EXPERT


  • 5.  RE: SW 2930F Colorless Ports configure Trunk

    EMPLOYEE
    Posted Sep 14, 2018 11:17 AM
    You should not use that for voice devices.


  • 6.  RE: SW 2930F Colorless Ports configure Trunk

    EMPLOYEE
    Posted Sep 17, 2018 11:15 AM

    When deploying phones with devices behind them, you don't need (or rather should use) the tagged voice VLAN. Supplying VLANs tagged to a phone is the legacy method for getting two different VLANs (data for the device, voice for the phone) to a single port. If all devices authenticate, there is no need to get the VLAN tagged. Let the authentication fix it for you. Just disable the voice VLAN config on your phone, DHCP (when the VLAN is supplied via DHCP) or switch (if you use LLDP to supply voice VLAN).