Users Guide

Authentication of Voice Devices
Switch ports can be configured to use either IEEE 802.1X or MAB
authentication. In both cases, the voice device must be authenticated into
the configured voice VLAN by the RADIUS server sending an Access-Accept
message indicating the device is a voice device. If the switchport voice vlan
override-authentication option is configured, any device may access the voice
VLAN regardless of the 802.1X port authentication state.

Some VoIP phones contain full support for IEEE 802.1X. For each VoIP
device to authenticate independently of the data device, configure the port in
access or general mode, add the voice VLAN to the port and configure the
port to use multi-domain or multi-domain-multi-host authentication. With
both types of authentication, voice packets are identified by the MAC address
of the phone. The RADIUS server must be configured to enable Voice VLAN
by sending the vendor proprietary VSA device-traffic-class=voice in the
RADIUS Access-Accept message. Use the no switchport voice vlan override-
authentication command to allow the VoIP device access to the voice VLAN
using 802.1X. A voice VLAN identified in the RADIUS Access-Accept is
ignored by the switch if a voice VLAN is not configured on the interface. The
RADIUS-assigned voice VLAN need not be the same as the configured voice
VLAN.

Authentication of a VoIP device via 802.1X is supported on ports configured
in general or access mode. If Voice VLAN is enabled and configured on a port,
and a device is configured to authenticate via RADIUS, and the RADIUS
server identifies the device as an IP phone, the device is allowed access to the
configured or RADIUS-assigned voice VLAN. Only a single device may
authenticate into the voice VLAN.
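
The decision described above, as an added example (not from the guide or the switch vendor): a Python model that parses the attribute bytes of an Access-Accept for the voice VSA and reports whether a device would reach the voice VLAN. It assumes the string is carried as a Cisco-AVPair (vendor ID 9, sub-attribute 1); the function names and sample bytes are constructed for illustration.

```python
import struct

RADIUS_VSA = 26       # RFC 2865 Vendor-Specific attribute type
VENDOR_ID = 9         # assumption: Cisco vendor ID (string sent as a Cisco-AVPair)
VENDOR_SUBTYPE = 1    # assumption: Cisco-AVPair sub-attribute number
VOICE_AVPAIR = b"device-traffic-class=voice"   # string named in the guide

def vsa(vendor_id, subtype, data):
    """Encode one VSA holding a single sub-attribute (builds sample input)."""
    body = struct.pack("!I", vendor_id) + bytes([subtype, len(data) + 2]) + data
    return bytes([RADIUS_VSA, len(body) + 2]) + body

def has_voice_vsa(attrs):
    """Walk Access-Accept attribute bytes and look for the voice VSA."""
    i = 0
    while i + 2 <= len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed attribute length")
        value = attrs[i + 2:i + alen]
        if atype == RADIUS_VSA and len(value) >= 4:
            vid = struct.unpack("!I", value[:4])[0]
            j = 4
            while vid == VENDOR_ID and j + 2 <= len(value):
                stype, slen = value[j], value[j + 1]
                if slen < 2 or j + slen > len(value):
                    raise ValueError("malformed sub-attribute length")
                if stype == VENDOR_SUBTYPE and value[j + 2:j + slen] == VOICE_AVPAIR:
                    return True
                j += slen
        i += alen
    return False

def voice_vlan_access(voice_vlan_configured, override_auth, accept_attrs):
    """Simplified model of the port behaviour in the text; accept_attrs is
    None when no Access-Accept was received for the device."""
    if not voice_vlan_configured:
        return False   # a RADIUS voice VLAN is ignored without one on the port
    if override_auth:
        return True    # any device reaches the voice VLAN, authenticated or not
    return accept_attrs is not None and has_voice_vsa(accept_attrs)

# Constructed samples: a Reply-Message attribute, with and without the voice VSA
PC_ACCEPT = bytes([18, 4]) + b"ok"
PHONE_ACCEPT = PC_ACCEPT + vsa(VENDOR_ID, VENDOR_SUBTYPE, VOICE_AVPAIR)
```

The third case in the model is the one to audit for: with override authentication set, the voice VLAN is reachable without any RADIUS decision.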

When 802.1X authenticates a device onto the voice VLAN, the device is also
allowed access over the data VLAN for thirty seconds after authentication.
This allows the device to learn the voice VLAN ID via non-standard
mechanisms such as HTTP or TFTP.

Many VoIP phones receive their VLAN information from LLDP-MED or CDP.
The switch can automatically direct the VoIP traffic to the voice VLAN
without manual configuration of the phone. Configure the port in access or
general mode, add the voice VLAN to the port and configure the port to use
802.1X auto mode (port-based authentication) and override authentication
for the voice VLAN. The first data device will be authenticated using 802.1X