12-14-2011 07:09 AM
I just managed to get MAC-based port-access control with radius-assigned vlan-IDs working. this works for me, as long as all clients on a given port have to belong to the same vlan. But we are going to buy ip phones with an integrated ethernet switch, so that a pc and a phone will be connected to the same switchport. What i want to do, is assigning a different vlan id to the ip phone and to the pc. Is there any way to do this, f.e. assigning a "tagged" vlan id for the port?
12-16-2011 12:46 AM
your ip phone support 801.1q vlan taging protocol and you must have configure vlan id on ip phone
switch port must be manually set tagged voip vlan
untagged state assign via radius server for pc
01-10-2012 09:56 AM
What RADIUS Server are you using on the backend?
Reason that I ask, is that some RADIUS Servers support RFC 4675, which supports the "Egress-VLANID" attribute, which can be used to assign a tagged VLAN ID for the port.
For example, FreeRADIUS support the RFC, whereas Microsoft NPS does not.
If you have a RADIUS Server that does not support the RFC, you can use VSAs (Vendor Specific Attributes) for this. The VSAs are listed here, as well as some information on the RFC:
Also be aware that not all HP switches support assigning tagged VLANs through RADIUS.