VLAN assignment for voice-vlan after successfull MAB authentication (ISE)

RobHuijser
Getting noticed

VLAN assignment for voice-vlan after successfull MAB authentication (ISE)

We use Cisco ISE for authentication off all our devices in the network. We also uses VOIP phones with MAB authentication. After authentication the phone must be switched to the voice-vlan-40 (also using LLDP/CDP)

 

I need the special AP-pairs from Cisco ISE to set this VLAN.

 

Does anyone can help me?

 

voice.JPG

6 Replies 6
jdsilva
Kind of a big deal
RobHuijser
Getting noticed

.....

RobHuijser
Getting noticed

Thanks, but this is only ment for regular VLAN assignment, I'm looking for voice-vlan assignment which is different.
PhilipDAth
Kind of a big deal
Kind of a big deal

An approach I have used (very sucesffully) in the past is to assign the VLANs on the switch and only use 802.1x for authentication.  You can still override the data VLAN for the user.

 

This may not quite be what you want - but this works.

 

1.PNG

PhilipDAth
Kind of a big deal
Kind of a big deal

You can refer to this document for the allow attributes:

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/Tagging_Client_VLANs_with_RADIUS_...

 

The attribute for the data vlan is:

Tunnel-Private-Group-ID

redsector
Head in the Cloud

Voice VLAN / VLAN recognition is working independ of 802.1x RADIUS.

The switch puts the IP-phones automatically to the voice VLAN in my networks. PC´s connected to the phones are running into the user VLAN.

 

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels