
802.1X - VOIP Phones problem

 
Nuno_Barros
Occasional Contributor


Hi everybody,

I have the following problem and hope that with your experience you can help me.

I need to configure 802.1X on all switches of our network; most of the edge switches are HP 2524. Because of that, in the lab, I configured one 2524 and considered the following:

VLAN 1 - authenticated (all ports untagged)

VLAN 2 - VOIP (all ports tagged)

VLAN 3 - Unauthenticated

Until now (with success), I can have a domain computer authenticated and a non-domain computer receive an IP of the unauthenticated VLAN.

The problem is when I put a VoIP phone in the middle. I have the following situations:

If the VoIP phone is already configured with VLAN 2, it works perfectly (because the packet goes with the VLAN marked).

If the VoIP phone is not configured, it receives an IP of the unauthenticated VLAN. (I cannot receive any failure log in NPS - strange!!)

By the way, this creates another major security problem, because if I force VLAN 2 on one interface of a computer, the computer will receive an IP of VLAN 2 because it is tagged on the switch.

Can you guys help me with that?

Regards,

Nuno

Nuno_Barros
Occasional Contributor

Re: 802.1X - VOIP Phones problem

I have another situation. Now I can connect one computer to VLAN 1 and it works. If I connect a VoIP phone, the RADIUS server assigns VLAN 2 and it works.

The problem is when I connect a computer to the PC port of the phone. I have a HELD state in the authentication state.


Only phone connected

MAI-802.1X TEST(config)# sh port-access authenticator

Port Access Authenticator Status

Port-access authenticator activated [No] : Yes

Access Authenticator Authenticator Unauth Auth Current
Port Status Control State Backend State VLAN ID VLAN ID VLAN ID
---- ------ -------- -------------- -------------- -------- -------- --------
2 Closed Auto Disconnected Idle 3 1 3
3 Closed Auto Disconnected Idle 3 1 3
4 Closed Auto Disconnected Idle 3 1 3
5 Closed Auto Disconnected Idle 3 1 3
6 Closed Auto Disconnected Idle 3 1 3
7 Closed Auto Disconnected Idle 3 1 3
8 Closed Auto Disconnected Idle 3 1 3
9 Closed Auto Disconnected Idle 3 1 3
10 Closed Auto Disconnected Idle 3 1 3
11 Closed Auto Disconnected Idle 3 1 3
12 Closed Auto Disconnected Idle 3 1 3
13 Closed Auto Disconnected Idle 3 1 3
14 Open Auto Authenticated Idle 3 1 2
15 Closed Auto Disconnected Idle 3 1 3
16 Closed Auto Disconnected Idle 3 1 3
17 Closed Auto Disconnected Idle 3 1 3
18 Closed Auto Disconnected Idle 3 1 3
19 Closed Auto Disconnected Idle 3 1 3
20 Closed Auto Disconnected Idle 3 1 3
21 Closed Auto Disconnected Idle 3 1 3
22 Closed Auto Disconnected Idle 3 1 3
23 Closed Auto Disconnected Idle 3 1 3
24 Closed Auto Disconnected Idle 3 1 3

Computer connected through phone

MAI-802.1X TEST(config)# sh port-access authenticator

Port Access Authenticator Status

Port-access authenticator activated [No] : Yes

Access Authenticator Authenticator Unauth Auth Current
Port Status Control State Backend State VLAN ID VLAN ID VLAN ID
---- ------ -------- -------------- -------------- -------- -------- --------
2 Closed Auto Disconnected Idle 3 1 3
3 Closed Auto Disconnected Idle 3 1 3
4 Closed Auto Disconnected Idle 3 1 3
5 Closed Auto Disconnected Idle 3 1 3
6 Closed Auto Disconnected Idle 3 1 3
7 Closed Auto Disconnected Idle 3 1 3
8 Closed Auto Disconnected Idle 3 1 3
9 Closed Auto Disconnected Idle 3 1 3
10 Closed Auto Disconnected Idle 3 1 3
11 Closed Auto Disconnected Idle 3 1 3
12 Closed Auto Disconnected Idle 3 1 3
13 Closed Auto Disconnected Idle 3 1 3
14 Closed Auto Held Idle 3 1 3
15 Closed Auto Disconnected Idle 3 1 3
16 Closed Auto Disconnected Idle 3 1 3
17 Closed Auto Disconnected Idle 3 1 3
18 Closed Auto Disconnected Idle 3 1 3
19 Closed Auto Disconnected Idle 3 1 3
20 Closed Auto Disconnected Idle 3 1 3
21 Closed Auto Disconnected Idle 3 1 3
22 Closed Auto Disconnected Idle 3 1 3
23 Closed Auto Disconnected Idle 3 1 3
24 Closed Auto Disconnected Idle 3 1 3
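
Added example, not part of the original posts: a Python parser for the `sh port-access authenticator` output above that diffs two captures and reports which ports changed access status, authenticator state or current VLAN. The sample text is an excerpt of the two captures in the post (ports 13-15 only); the function and field names are hypothetical.

```python
import re

# Data row: port, access status, control, authenticator state, backend state,
# unauth VLAN, auth VLAN, current VLAN. Header and separator lines do not match.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
FIELDS = ("access", "control", "state", "backend", "unauth_vlan", "auth_vlan", "current_vlan")

# Excerpts of the two captures in the post (ports 13-15 only).
PHONE_ONLY = """\
Port Status Control State Backend State VLAN ID VLAN ID VLAN ID
---- ------ -------- -------------- -------------- -------- -------- --------
13 Closed Auto Disconnected Idle 3 1 3
14 Open Auto Authenticated Idle 3 1 2
15 Closed Auto Disconnected Idle 3 1 3
"""
PC_BEHIND_PHONE = """\
Port Status Control State Backend State VLAN ID VLAN ID VLAN ID
---- ------ -------- -------------- -------------- -------- -------- --------
13 Closed Auto Disconnected Idle 3 1 3
14 Closed Auto Held Idle 3 1 3
15 Closed Auto Disconnected Idle 3 1 3
"""

def parse_status(text):
    """Parse `sh port-access authenticator` output into {port: {field: value}}."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            values = [int(v) if v.isdigit() else v for v in m.groups()[1:]]
            ports[int(m.group(1))] = dict(zip(FIELDS, values))
    return ports

def diff_captures(before, after):
    """Return {port: {field: (old, new)}} for ports present in both captures."""
    changes = {}
    for port in sorted(before.keys() & after.keys()):
        delta = {f: (before[port][f], after[port][f])
                 for f in FIELDS if before[port][f] != after[port][f]}
        if delta:
            changes[port] = delta
    return changes

def held_ports(ports):
    """Ports whose authenticator state is Held."""
    return sorted(p for p, f in ports.items() if f["state"] == "Held")

if __name__ == "__main__":
    before, after = parse_status(PHONE_ONLY), parse_status(PC_BEHIND_PHONE)
    for port, delta in diff_captures(before, after).items():
        print(f"port {port}: {delta}")
    print("held:", held_ports(after))
```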