Dell PowerConnect 6248 Configuration Guide - Page 39

Example #2: Configuring Voice VLAN on an Unauthenticated Port In some networks, multiple devices (for example, a PC, Printer, and phone) are connected to a single port on the switch. The PCs and printers are authenticated by 802.1X, but the phone might not support 802.1X authentication. The PowerConnect 6200 Series switches can allow unauthenticated traffic on the Voice VLAN for the phones that do not support authentication while requiring all other devices on the port to authenticate individually. The phones that do not support 802.1X authentication are automatically directed to the Voice VLAN without manual configuration. The phones will obtain this information using one of the following methods: • LLDP-MED • CDP • DHCP In this example, interface 1/g10 is set to an 802.1Q VLAN. The port must be in general mode in order to enable MAC-based 802.1X authentication. Then, port 1/g10 is configured with MAC-based port authentication to allow authentication for multiple hosts on the same port (see "Example #2: MACBased Authentication Mode" on page 108 for more information). Next, Voice VLAN is enabled on the port with the Voice VLAN ID set to 25. Finally, Voice VLAN authentication is disabled on port 1/g10 because the phone connected to that port does not support 802.1X authentication. All other devices are required to use 802.1X authentication for network access. Support for unauthenticated Voice VLANs is available in release 2.1 and later versions. console#configure console(config)#interface ethernet 1/g10 console(config-if-1/g10)#switchport mode general console(config-if-1/g10)#dot1x port-control mac-based console(config-if-1/g10)#voice vlan 25 console(config-if-1/g10)#voice vlan auth disable console(config-if-1/g10)# console#show voice vlan interface 1/g10 Interface 1/g10 Voice VLAN Interface Mode Enabled Voice VLAN ID 25 Voice VLAN COS Override False Voice VLAN Port Status Disabled Voice VLAN Authentication Disabled Switching Configuration 39