• September 28, 2020, 03:55:39 AM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: ADAC/Voice Vlan/802.1x Big problem on ERS 5520 6.3.3  (Read 2310 times)

0 Members and 1 Guest are viewing this topic.

Offline caxinas

  • Rookie
  • **
  • Posts: 7
ADAC/Voice Vlan/802.1x Big problem on ERS 5520 6.3.3
« on: August 28, 2014, 05:24:12 PM »
Hi guys,

Iīm a network administrator with a edge switchs avaya ers5520 and core switchs  avaya ers8600. In my network i have a voip lan formed by IP phones cisco 7945, that have a sw port to give lan to the pcs, i also have a NAC (juniper MAG6611) controlling the access to the network by 802.1x only to pcs, the phone have a list of macs on the switchs and lldp so donīt do 802.1x controll. Everything was great :)

I had the 6.1.2 version installed on 5520 but with the monitoring software "whatsup gold" i lose the telnet access to a great part of my switchs. To correct this situation i make an upgrade on the ers5520, since i make this upgrade my ip phones (almost 2000) donīt work, but the ADAC put the voice vlan and the data vlan on the switch port, the pc work great but not the phones..
To correct this situation i discover that if i put the port status on forceautorized (802.1x), the ip phone obtain IP and work correctly, but when i put the port on the auto mode, they lose the ip again.

I make a test, i took a switch and make a downgrade to 6.1.2 and like magic the ip phones work perfectly.

Iīm asking for help in this case because iīm donīt understand why this is happen.

Thanks




Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 3842
    • michaelfmcnamara
    • Michael McNamara
Re: ADAC/Voice Vlan/802.1x Big problem on ERS 5520 6.3.3
« Reply #1 on: August 29, 2014, 08:12:06 AM »
Hi caxinas and welcome to the forums!

You're trying to authenticate 802.1x multiple devices over the same Ethernet port which has some challenges. Unfortunately I don't beleive you can authenticate some and not others. Have you tried adding the MAC addresses of your IP phones to your NAC solution and performing MAC auth as a backup to 802.1x? I'm going to guess that the only reason you're currently working is that your configuration is taking advantage of a bug and that bug is fixed in the later release or it's completely possible that the situation is the other way around - you've discovered a bug in the newer version.

Cheers!
We've been helping network engineers, system administrators and technology professionals since June 2009.
If you've found this site useful or helpful, please help me spread the word. Link to us in your blog or homepage - Thanks!

Offline caxinas

  • Rookie
  • **
  • Posts: 7
Re: ADAC/Voice Vlan/802.1x Big problem on ERS 5520 6.3.3
« Reply #2 on: August 29, 2014, 01:22:05 PM »
Hi Michael thks for your reply,
In my point of view when i put the range of mac address of the IP phones in the switch, the switch "knows" that the phones dont do any kind of 802.1x authentication, because the mac list work like a exception to the rule! I had read many avaya papers and we can authenticate or not the phone, depending of what model of implementation we follow.
Today i had tried again the configuration, and with the version 6.2.xx everything work fine with the 6.3.3xx the IP phones dont work. I think my next Step is open a case in the avaya. Can you give another advise on this matter?


Thks a lot!!!