{"id":116,"date":"2020-10-09T10:55:00","date_gmt":"2020-10-09T08:55:00","guid":{"rendered":"http:\/\/www.sensimedia.org\/?p=116"},"modified":"2025-03-07T08:44:20","modified_gmt":"2025-03-07T07:44:20","slug":"802-1x-voice-vlan-mab-sur-n-series","status":"publish","type":"post","link":"https:\/\/sensimedia.org\/?p=116","title":{"rendered":"802.1x + Voice VLAN +MAB sur N-Series"},"content":{"rendered":"\n

On commence par d\u00e9clarer en globale le serveur Radius (FreeRadius\/PacketFence\/Microsoft NPS\/….)<\/p>\n\n\n\n

authentication enable\nauthentication dynamic-vlan enable\ndot1x system-auth-control\naaa authentication dot1x default radius\naaa authorization network default radius\nradius server source-ip [IP du Vlan qui va joindre le serveur Radius]\nradius server auth [IP.DU.SERVEUR.RADIUS]\nname \"RADIUS-SRVNAME1\"\nusage authmgr\nkey 0 \"lacleduserveurradius\"\nexit\nradius server acct [IP.DU.SERVEUR.RADIUS]\nname \"RADIUS-SRVNAME1\"\nexit<\/pre>\n\n\n\n
On active en globale le voice vlan, ainsi qu’un vlan de quarantaine si il venait a y avoir un probl\u00e8me d’authentification.<\/p>\n\n\n\n
vlan 18\nname \"VLAN_TOIP\"\nexit\nvlan 666\nname \"QUARANTAINE\"\nexit\nswitchport voice vlan<\/pre>\n\n\n\n
On configure le port pour permettre l’authentification 802.1x du client, sur \u00e9chec on essaye un authentification par mac et sinon on drope dans le Vlan de Quarantaine.
Le t\u00e9l\u00e9phone identifi\u00e9e via le LLDP, re\u00e7oit le VLAN Voix.
Cette configuration permet d’avoir l’interface “LAN” du t\u00e9l\u00e9phone qui re\u00e7oit une client qui va demander une authentification 802.1x.

LE MODE GENERAL EST OBLIGATOIRE.<\/p>\n\n\n\n
interface Gi1\/0\/6
description \"VOIP+PC\"
switchport mode general
authentication host-mode multi-auth
authentication violation protect
authentication event fail action authorize vlan 666
authentication event no-response action authorize vlan 666
authentication periodic
dot1x timeout quiet-period 1
dot1x max-reauth-req 1
dot1x max-req 1
mab auth-type pap
authentication order dot1x mab
authentication priority dot1x mab
lldp tlv-select system-description system-capabilities management-address
lldp notification
lldp med confignotification
switchport voice vlan 16
switchport voice vlan override-authentication
exit<\/pre>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"
On commence par d\u00e9clarer en globale le serveur Radius (FreeRadius\/PacketFence\/Microsoft NPS\/….) authentication enable authentication dynamic-vlan enable dot1x system-auth-control aaa authentication dot1x default radius aaa authorization network default radius radius server source-ip [IP du Vlan qui va joindre le serveur Radius] radius server auth [IP.DU.SERVEUR.RADIUS] name “RADIUS-SRVNAME1” usage authmgr key 0 “lacleduserveurradius” exit radius server acct … Continue reading “802.1x + Voice VLAN +MAB sur N-Series”<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,6,9],"tags":[13,16,18,19,21,23,26],"class_list":["post-116","post","type-post","status-publish","format-standard","hentry","category-dellemc","category-networking","category-os6","tag-802-1x","tag-dellemc","tag-mab","tag-n-series","tag-networking","tag-os6","tag-voice-vlan"],"_links":{"self":[{"href":"https:\/\/sensimedia.org\/index.php?rest_route=\/wp\/v2\/posts\/116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sensimedia.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sensimedia.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sensimedia.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sensimedia.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=116"}],"version-history":[{"count":1,"href":"https:\/\/sensimedia.org\/index.php?rest_route=\/wp\/v2\/posts\/116\/revisions"}],"predecessor-version":[{"id":519,"href":"https:\/\/sensimedia.org\/index.php?rest_route=\/wp\/v2\/posts\/116\/revisions\/519"}],"wp:attachment":[{"href":"https:\/\/sensimedia.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sensimedia.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sensimedia.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}