Security e-Series

Re: Different VLAN-Memberships with MAC-based port access?

 
zmichl
Advisor

Different VLAN-Memberships with MAC-based port access?

Hi,

 

I just managed to get MAC-based port-access control with RADIUS-assigned VLAN IDs working. This works for me as long as all clients on a given port have to belong to the same VLAN. But we are going to buy IP phones with an integrated Ethernet switch, so that a PC and a phone will be connected to the same switch port. What I want to do is assign a different VLAN ID to the IP phone and to the PC. Is there any way to do this, e.g. assigning a "tagged" VLAN ID for the port?

2 REPLIES
cenk sasmaztin
Honored Contributor

Re: Different VLAN-Memberships with MAC-based port access?

hi

Your IP phone supports the 802.1Q VLAN tagging protocol, and you must configure the VLAN ID on the IP phone.

 

The switch port must be manually set as tagged for the VoIP VLAN.

The untagged state is assigned via the RADIUS server for the PC.

cenk

Kell van Daal
Respected Contributor

Re: Different VLAN-Memberships with MAC-based port access?

What RADIUS Server are you using on the backend?
The reason I ask is that some RADIUS servers support RFC 4675, which supports the "Egress-VLANID" attribute, which can be used to assign a tagged VLAN ID for the port.

For example, FreeRADIUS supports the RFC, whereas Microsoft NPS does not.

If you have a RADIUS Server that does not support the RFC, you can use VSAs (Vendor Specific Attributes) for this. The VSAs are listed here, as well as some information on the RFC:
http://wiki.freeradius.org/HP#RFC+4675+(multiple+tagged%2Funtagged+VLAN)+Assignment

 

Also be aware that not all HP switches support assigning tagged VLANs through RADIUS.
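
RFC 4675 packs the tagged/untagged choice and the VLAN ID into one 32-bit Egress-VLANID value, which is the integer a RADIUS reply has to carry. The following Python is an added example, not code from the thread or from any vendor; it encodes and strictly validates that value, and the VLAN IDs 10 (voice) and 20 (data) are constructed sample values.

```python
import struct

EGRESS_VLANID_TYPE = 56           # RADIUS attribute type, RFC 4675 section 2.1
TAGGED, UNTAGGED = 0x31, 0x32     # Tag Indication octet values from the RFC


def egress_vlanid_value(vlan_id: int, tagged: bool) -> int:
    """Return the 32-bit Egress-VLANID value: tag octet, 12 zero pad bits, 12-bit VID."""
    # 0 and 4095 are reserved VIDs in 802.1Q, so this example refuses them.
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan_id}")
    return ((TAGGED if tagged else UNTAGGED) << 24) | vlan_id


def encode_attribute(vlan_id: int, tagged: bool) -> bytes:
    """Encode the attribute as it appears on the wire: Type, Length (6), Value."""
    return struct.pack("!BBI", EGRESS_VLANID_TYPE, 6,
                       egress_vlanid_value(vlan_id, tagged))


def decode_attribute(raw: bytes) -> tuple[int, bool]:
    """Parse one Egress-VLANID attribute and return (vlan_id, tagged)."""
    if len(raw) != 6:
        raise ValueError("Egress-VLANID must be exactly 6 octets")
    attr_type, length, value = struct.unpack("!BBI", raw)
    if attr_type != EGRESS_VLANID_TYPE or length != 6:
        raise ValueError("not an Egress-VLANID attribute")
    tag = value >> 24
    if tag not in (TAGGED, UNTAGGED):
        raise ValueError(f"unknown tag indication 0x{tag:02x}")
    if (value >> 12) & 0xFFF:
        raise ValueError("pad bits must be zero")
    return value & 0xFFF, tag == TAGGED


if __name__ == "__main__":
    # Constructed sample: voice VLAN 10 tagged, data VLAN 20 untagged.
    for name, vid, tagged in (("voice", 10, True), ("data", 20, False)):
        value = egress_vlanid_value(vid, tagged)
        print(f"{name}: Egress-VLANID = {value} (0x{value:08x}), "
              f"wire = {encode_attribute(vid, tagged).hex()}")
```

Decoding the attribute from a captured Access-Accept with `decode_attribute` is a quick way to confirm which VLAN the server actually returned for a given MAC address, and whether it was marked tagged or untagged.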