MAC+802.1x EAP authentication and Dynamic VLAN assignment with PC connected to IP Phones
Hello,
We currently have Zyxel switches models GS3700-24HP, XGS3700-48HP and GS3700-48HP.
We need to implement MAC + 802.1x authentication & Dynamic VLAN Assignment for IP Phones connected to the switches and computers connected through the phones.
The scenario is as follows:
- All IP Phones are connected to the Zyxel switches
- All computers are connected to the IP Phones
- IP Phones need to use MAC Authentication and be assigned VLAN10-ToIP
- PCs need to be dynamically assigned a VLAN based on their certificate (802.1x EAP)
- User having no certificate are assigned Guest VLAN
Is this scenario feasible regarding our current switch models?
If so, what are the steps to achieve this?
Many thanks for your answers
Cheers
We currently have Zyxel switches models GS3700-24HP, XGS3700-48HP and GS3700-48HP.
We need to implement MAC + 802.1x authentication & Dynamic VLAN Assignment for IP Phones connected to the switches and computers connected through the phones.
The scenario is as follows:
- All IP Phones are connected to the Zyxel switches
- All computers are connected to the IP Phones
- IP Phones need to use MAC Authentication and be assigned VLAN10-ToIP
- PCs need to be dynamically assigned a VLAN based on their certificate (802.1x EAP)
- User having no certificate are assigned Guest VLAN
Is this scenario feasible regarding our current switch models?
If so, what are the steps to achieve this?
Many thanks for your answers
Cheers
0
All Replies
-
Hi @MatC_AVA6,
Welcome to Zyxel Community!
To achieve the goal, please refer to this link on how to configure MAC + 802.1x authentication.
But according to your topology, there will be some circumstances if the computer is connected to IP phones. The IP phone will be allocated to guest VLAN only due to IP phone doesn't have credentials as PC have. So it will fail to authenticate 802.1x and will be put on guest VLAN.
For the physical connection, we suggest separating the PC & IP phone connectivity to switch.
Example: PC1 to port 1 and IP phone1 to port 2.
In this condition, you may configure 802.1x authentication for PCs and MAC-authentication with correct PVID for IP phones.
Hope it helps!Zyxel_Jonas
https://us.v-cdn.net/6029482/uploads/78HOOSV0BUBI/240828-nebula-27s-intentcommunity-homepage-1920-x-400.jpgDon't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0 -
What not use Voice VLAN for IP phones and 802.1x port authentication for PCs?0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight