Beginning Nov 15, 2021, the Networking Forum discussion boards moved to the Aruba Airheads community

Comware Based

1755709 Members

4403 Online

108837 Solutions

4500G set dot1x on voice vlan port

Hi,
I'm trying to set dot1x on 4500G ports, with vlan 1 for the authenticated machines and guest-vlan 5 for "foreigner" machines.
On a normal port, it works fine... I connect a domain machine, the radius server authenticates and the machine is connected at vlan1. Switch the cable to a foreigner machine and it doesn't authenticate, and it gets a vlan5 (guest) access.
However, I have many [switch port -- ip phone -- computer] setup, where the port is hybrid with vlan 2 for voice vlan.
If I use the same parameters of a "normal" port, it starts to work but after a while the port is set with pvid=5.

Questions:
- Is it possible to set dot1x as described above on a hybrid voice port ? How ?
- Can I use the Tunnel-Pvt-Group-Id of NPS to set the port vlan when the port is hybrid ?

Switch Configuration:
#
version 3Com OS V5.02.00s168p20,
#
dot1x
dot1x timer tx-period 10
dot1x timer supp-timeout 10
dot1x retry 1
dot1x timer handshake-period 5
dot1x authentication-method eap
#
radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
radius scheme my_domain
server-type extended
primary authentication A.B.C.D
primary accounting A.B.C.D
secondary authentication 127.0.0.1 1645
secondary accounting 127.0.0.1 1646
key authentication XXXXXX
key accounting XXXXX
#
domain my_domain
authentication default radius-scheme my_domain
authorization default radius-scheme my_domain
accounting default radius-scheme my_domain
access-limit disable
state active
idle-cut disable
self-service-url disable
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
interface GigabitEthernet1/0/14
port link-type hybrid
port hybrid vlan 2 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
undo jumboframe enable
poe enable
stp edged-port enable
dot1x re-authenticate
dot1x guest-vlan 5
dot1x mandatory-domain my_domain
dot1x port-method portbased
dot1x

Thanks in advance

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

4500G set dot1x on voice vlan port

4500G set dot1x on voice vlan port