MAC+802.1x EAP authentication and Dynamic VLAN assignment with PC connected to IP Phones
Hello,
We currently have Zyxel switches models GS3700-24HP, XGS3700-48HP and GS3700-48HP.
We need to implement MAC + 802.1x authentication & Dynamic VLAN Assignment for IP Phones connected to the switches and computers connected through the phones.
The scenario is as follows:

- All IP Phones are connected to the Zyxel switches
- All computers are connected to the IP Phones
- IP Phones need to use MAC Authentication and be assigned VLAN10-ToIP
- PCs need to be dynamically assigned a VLAN based on their certificate (802.1x EAP)
- User having no certificate are assigned Guest VLAN
Is this scenario feasible regarding our current switch models?
If so, what are the steps to achieve this?
Many thanks for your answers
Cheers
We currently have Zyxel switches models GS3700-24HP, XGS3700-48HP and GS3700-48HP.
We need to implement MAC + 802.1x authentication & Dynamic VLAN Assignment for IP Phones connected to the switches and computers connected through the phones.
The scenario is as follows:

- All IP Phones are connected to the Zyxel switches
- All computers are connected to the IP Phones
- IP Phones need to use MAC Authentication and be assigned VLAN10-ToIP
- PCs need to be dynamically assigned a VLAN based on their certificate (802.1x EAP)
- User having no certificate are assigned Guest VLAN
Is this scenario feasible regarding our current switch models?
If so, what are the steps to achieve this?
Many thanks for your answers
Cheers
0
All Replies
-
Hi @MatC_AVA6,
Welcome to Zyxel Community!
To achieve the goal, please refer to this link on how to configure MAC + 802.1x authentication.
But according to your topology, there will be some circumstances if the computer is connected to IP phones. The IP phone will be allocated to guest VLAN only due to IP phone doesn't have credentials as PC have. So it will fail to authenticate 802.1x and will be put on guest VLAN.
For the physical connection, we suggest separating the PC & IP phone connectivity to switch.
Example: PC1 to port 1 and IP phone1 to port 2.
In this condition, you may configure 802.1x authentication for PCs and MAC-authentication with correct PVID for IP phones.
Hope it helps!Jonas0 -
What not use Voice VLAN for IP phones and 802.1x port authentication for PCs?0
Categories
- 8.1K All Categories
- 1.6K Nebula
- 60 Nebula Ideas
- 54 Nebula Status and Incidents
- 4.4K Security
- 224 Security Ideas
- 967 Switch
- 46 Switch Ideas
- 868 WirelessLAN
- 20 WLAN Ideas
- 5.2K Consumer Product
- 139 Service & License
- 268 News and Release
- 53 Security Advisories
- 12 Education Center
- 573 FAQ
- 273 Nebula FAQ
- 132 Security FAQ
- 73 Switch FAQ
- 72 WirelessLAN FAQ
- 7 Consumer Product FAQ
- Documents
- 34 Nebula Monthly Express
- 66 About Community
- 44 Security Highlight