Voice Vlan compatibility with 802.1x authentication ?

Millbull · June 13

Hello,

I'm having trouble with Voice vlan and 802.1x authentication.

On my GS1920-48HP (v4.80), 802.1X and radius is working fine.

My settings are:

Vlan 100, 110, 252 untagged (802.1x enabled)

Vlan 20 (guest vlan), untagged. And Vlan 20 PVID on all ports with 802.1X enabled.

I've configured Voice vlan 3 with OUI for my Polycom Ip phones.

All ports on vlan 3 untagged.

When I connect an Ip phone, it shows PVID 3 in the Mac Table section but the phone gets an IP adress from Vlan 20 (guest vlan).

The only way I've found to put the phone in Vlan 3 is to disable Vlan 20 on this port.

So, is Voice Vlan compatible with 802.1X and guest vlan, and if so, what could be the problem?

Regards

Zyxel_Melen · June 16

Hi @Millbull

The Voice VLAN has higher priority than 802.1X and guest VLAN.

I did a local lab and my IP phone can get the correct IP address from voice VLAN interface.

May I know if your configuration is the same as your provided before? If so, I will check your configuration.

Please also help to check:

1. Does there have any VLAN mis-configuration in your topology?

2. Does your IP phone set static IP address or static VLAN?

Millbull · June 16

Hi @Melen,

Thank for the reply.

The IP phone uses dhcp.

I will send you a private message with the config file and tech-support.

Regards

Zyxel_Melen · July 9

Update:

After comparing the DHCP packets between fixed guest VLAN and forbidden guest VLAN, we found the DHCP offer packet from Voice VLAN and guest VLAN is the same transaction ID. This could be the guest VLAN DHCP server port is an untagged member of Voice VLAN. This makes the DHCP discovery packet untagged Voice VLAN and the guest VLAN DHCP server reply to the client's request.

Voice Vlan compatibility with 802.1x authentication ?

All Replies

Categories

Switch Help Center