MAC+802.1x EAP authentication and Dynamic VLAN assignment with PC connected to IP Phones
Hello,
We currently have Zyxel switches models GS3700-24HP, XGS3700-48HP and GS3700-48HP.
We need to implement MAC + 802.1x authentication & Dynamic VLAN Assignment for IP Phones connected to the switches and computers connected through the phones.
The scenario is as follows:
- All IP Phones are connected to the Zyxel switches
- All computers are connected to the IP Phones
- IP Phones need to use MAC Authentication and be assigned VLAN10-ToIP
- PCs need to be dynamically assigned a VLAN based on their certificate (802.1x EAP)
- User having no certificate are assigned Guest VLAN
Is this scenario feasible regarding our current switch models?
If so, what are the steps to achieve this?
Many thanks for your answers
Cheers
We currently have Zyxel switches models GS3700-24HP, XGS3700-48HP and GS3700-48HP.
We need to implement MAC + 802.1x authentication & Dynamic VLAN Assignment for IP Phones connected to the switches and computers connected through the phones.
The scenario is as follows:
- All IP Phones are connected to the Zyxel switches
- All computers are connected to the IP Phones
- IP Phones need to use MAC Authentication and be assigned VLAN10-ToIP
- PCs need to be dynamically assigned a VLAN based on their certificate (802.1x EAP)
- User having no certificate are assigned Guest VLAN
Is this scenario feasible regarding our current switch models?
If so, what are the steps to achieve this?
Many thanks for your answers
Cheers
0
All Replies
-
Hi @MatC_AVA6,
Welcome to Zyxel Community!
To achieve the goal, please refer to this link on how to configure MAC + 802.1x authentication.
But according to your topology, there will be some circumstances if the computer is connected to IP phones. The IP phone will be allocated to guest VLAN only due to IP phone doesn't have credentials as PC have. So it will fail to authenticate 802.1x and will be put on guest VLAN.
For the physical connection, we suggest separating the PC & IP phone connectivity to switch.
Example: PC1 to port 1 and IP phone1 to port 2.
In this condition, you may configure 802.1x authentication for PCs and MAC-authentication with correct PVID for IP phones.
Hope it helps!Jonas0 -
What not use Voice VLAN for IP phones and 802.1x port authentication for PCs?0
Categories
- All Categories
- 347 Beta Program
- 2.1K Nebula
- 114 Nebula Ideas
- 77 Nebula Status and Incidents
- 5K Security
- 44 USG FLEX H Series
- 246 Security Ideas
- 1.2K Switch
- 65 Switch Ideas
- 901 WirelessLAN
- 33 WLAN Ideas
- 5.8K Consumer Product
- 204 Service & License
- 326 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.8K FAQ
- 831 Nebula FAQ
- 401 Security FAQ
- 219 Switch FAQ
- 190 WirelessLAN FAQ
- 45 Consumer Product FAQ
- 136 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 71 About Community
- 61 Security Highlight