HPE Community
Switches, Hubs, and Modems
1752489 Members
5642 Online
108788 Solutions
New Discussion юеВ

4200vl 802.1x issue with voip phones

 
Mike Tupker
Advisor

тАО01-30-2009 01:56 PM

тАО01-30-2009 01:56 PM

4200vl 802.1x issue with voip phones

I've started having an odd issue with 802.1x authentication some new 4208vl's that we recently got. I'm pretty sure I narrowed the is down to the switch.

Essentially what is happening is that if I plug a single device into a switch port it will authenticate (works for mitel voip phones and XP with SP3). However if I connect a computer to the pass through port on the voip phone the computer will not authenticate but the phone does. It's almost like the switch is not paying attention to the client-limit setting.

In that scenario XP will say that authentication failed with an event ID 15514 in the event log (that event has a reason 327685). Googling has returned very little so far on reason 327685.

My dot1x config for the switch is setup as follows.

gvrp
aaa authentication port-access eap-radius
radius-server key mysecrete
radius-server host 10.x.y.z
aaa port-access gvrp-vlans
aaa port-access authenticator A1
aaa port-access authenticator A1 unauth-vid 12
aaa port-access authenticator A1 client-limit 3
aaa port-access authenticator active
aaa port-access A1

I've also ruled out the phones from this issue. I currently have a phone with attached computer connected to a 2650 without issue.

Anyone have any thoughts? Did I miss something simple in my config? Thanks in advance.
0 Kudos
5 REPLIES 5
Mohieddin Kharnoub
Honored Contributor

тАО01-30-2009 02:42 PM

тАО01-30-2009 02:42 PM

Re: 4200vl 802.1x issue with voip phones

Hi

If you have the same configuration on 2600 series switch, then i guess you are right narrowing it down to the 4200.

However, i just wanted to share few points with you.
did you try plug the same PC to the same port ?
are you using a different vlan for both IP Phone and PC ?
did you consider the configuration of the Vlans tagging/untagging on the port ? or you are relying on the gvrp to advertise the Dynamic vlan assignerd by the Radius ?

Good Luck !!!
Science for Everyone
0 Kudos
Mike Tupker
Advisor

тАО01-30-2009 02:50 PM

тАО01-30-2009 02:50 PM

Re: 4200vl 802.1x issue with voip phones

did you try plug the same PC to the same port ?
Yep.

are you using a different vlan for both IP Phone and PC ?
Yes. The the voip traffic and the workstation traffic are seperate vlans.

did you consider the configuration of the Vlans tagging/untagging on the port ? or you are relying on the gvrp to advertise the Dynamic vlan assignerd by the Radius ?
I'm using GVRP with the "aaa port-access gvrp-vlans".
0 Kudos
DtB3300
New Member

тАО02-11-2009 09:02 PM

тАО02-11-2009 09:02 PM

Re: 4200vl 802.1x issue with voip phones

Setting up Mitel phones on ProCurve use command:

vlan XX voice
0 Kudos
Mike Tupker
Advisor

тАО02-12-2009 08:01 AM

тАО02-12-2009 08:01 AM

Re: 4200vl 802.1x issue with voip phones

yep I already voiced the voip vlan. I thought the voice command only turned on lldp-med?
0 Kudos
DtB3300
New Member

тАО02-13-2009 12:46 PM

тАО02-13-2009 12:46 PM

Re: 4200vl 802.1x issue with voip phones

are there enough vlans? the out of the box threshhold is low. use
max-vlans 256
or whatever #

the pass through works in my setting.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.