Meraki

Community

Polycom IP Phone Bypass Vlan Voices Access Policies

meraki-newbie
Getting noticed
‎Sep 3 2024 6:18 PM
‎Sep 3 2024 6:18 PM

Polycom IP Phone Bypass Vlan Voices Access Policies

Hello everyone,

 

we want to implement these configuration, for this kind of topology below :

 

MS Switch - IP Phone - Desktop Endpoint

 

with a detailed behavior below :

 

  1. Create Access Policies to authenticate endpoint only(data vlan) and bypass IP Phone (voice vlan)
  2. IP Phone will be connected to MS Switch port
  3. Endpoint will connected to IP Phone

 

we have already configured Hybrid Authentication + Multi Auth with  bypass Voice Vlan Auth

 

merakinewbie_0-1725412306256.png

 

But it's seems the MAB didn't bypass voice vlan of our Polycom VOIP devices as captured below :

 

merakinewbie_1-1725412492764.png

 

 

our goals are :

  1. Polycom IP Phone still granted access by using bypassed Voice VLAN, even there are no connected desktop endpoint behind it
  2. When user try connected via IP Phone, the user required to authenticate to our RADIUS server to granted access

 

hopefully hear from you all soon

 

cheers

 

 

Labels:
0 Kudos
1 Reply 1
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Sep 4 2024 4:59 AM
‎Sep 4 2024 4:59 AM

I'm not sure if that voice auth checkbox means you can just have a phone on the port without authenticating.  I believe it is to signal that you have a phone possibility on the port and can have the Radius attribute sent for voice domain authorization.

The documentation also says in most host modes every client needs to be authenticated including the phone.

If your radius server supports MAB you could just have the MAC addresses of the phones in there to authenticate against.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.