Different VLAN-Memberships with MAC-based port access? (722 Views)
Posts: 31
Registered: ‎02-11-2010
Message 1 of 3 (722 Views)

Different VLAN-Memberships with MAC-based port access?



I just managed to get MAC-based port-access control with radius-assigned vlan-IDs working. this works for me, as long as all clients on a given port have to belong to the same vlan. But we are going to buy ip phones with an integrated ethernet switch, so that a pc and a phone will be connected to the same switchport. What i want to do, is assigning a different vlan id to the ip phone and to the pc. Is there any way to do this, f.e. assigning a "tagged" vlan id for the port?

Honored Contributor
Posts: 1,435
Registered: ‎04-02-2008
Message 2 of 3 (717 Views)

Re: Different VLAN-Memberships with MAC-based port access?


your ip phone support 801.1q vlan taging protocol and you must have configure vlan id on  ip phone


switch port must be manually set tagged  voip vlan

untagged state assign via radius server for pc


Respected Contributor
Posts: 116
Registered: ‎11-04-2004
Message 3 of 3 (703 Views)

Re: Different VLAN-Memberships with MAC-based port access?

What RADIUS Server are you using on the backend?
Reason that I ask, is that some RADIUS Servers support RFC 4675, which supports the "Egress-VLANID" attribute, which can be used to assign a tagged VLAN ID for the port.

For example, FreeRADIUS support the RFC, whereas Microsoft NPS does not.

If you have a RADIUS Server that does not support the RFC, you can use VSAs (Vendor Specific Attributes) for this. The VSAs are listed here, as well as some information on the RFC:


Also be aware that not all HP switches support assigning tagged VLANs through RADIUS.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.