radius attributes for cisco ip phone

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Thu Jan 17 17:51:28 CET 2008


Rupert Finnigan wrote:
> On 17/01/2008, Stieven.Struyf at komatsu.eu <Stieven.Struyf at komatsu.eu> wrote:
>   
>> I have hp procurve 3500yl switches for which i use mac based authentication
>> against radius server.
>> The radius server should assign the vlan's.
>> The pc that hangs behind the phone get the correct vlan, but the phone
>> doesn't.
>>
>>     
>
> Are you connecting the phone to the wall socket, and then the PC to
> the "link" socket on the phone?
>
> If this is the case then it's working as it should do.. the HP switch
> NAS is authenticating the PC's MAC, and opening the switchport on the
> correct VLAN for the PC, and so the phone will be on that VLAN too -
> they're on the same ethernet segment. If you've got a PC linked via
> the phone, and you want the phone to be on one VLAN, and the PC on the
> other I believe you have to configure the switch-port as a trunk, and
> then configure the phone accordingly.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   
HP ProCurve edge series can only dynamically assign a single untagged 
VLAN to any one switch port.
It is not possible to create dynamic VLAN trunks. It may be possible to 
create a VLAN trunk statically, then leave the switch to do VLAN 
assignment, and just deny/allow access via the RADIUS server.

-- 
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08 
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900




More information about the Freeradius-Users mailing list