Voice VLan and Dot1x
DevilWAH
Hi,
I am implementing Dot1x on my network and I was wondering if it is possible for phones to bypass the Dot1x process.
What I mean by this is: if a PC is connected to a phone (non-Cisco) and the phone to a switch port that is dot1x enabled, is it possible for the switch, based on the vendor ID of the MAC, to place the phone into the voice VLAN without carrying out full dot1x authentication, sending requests to the RADIUS server, etc.?
The reason I ask is that many NAC solutions charge based on number of devices, so to be able to remove the phones from the loop will save a lot of cash.
Thank you
Comments
shodown
This is going to get ugly.
There is a bypass feature. However, with your setup, the security risk that you are trying to overcome you kinda open back up, depending on what you choose to bypass. I can't remember what doc it's in, but it's out there. Good luck, let us know how you overcome it.
I usually steer customers away from this while I'm doing any type of VoIP implementation, and have a security group come in to really get a design down and a good implementation.
DevilWAH
With MAC bypass it still sends the MAC to the authentication server.
I was thinking more like you can with LLDP, where you assign the phone to the voice VLAN using the vendor code.