Hello Community,
We face an issue and do not know where we are going wrong. We generally started with this setup guide: https://www.juniper.net/documentation/en_US/junos/topics/example/802-1x-pnac-voip-ex-series-configuring.html
with the only change that we do not assign a default VLAN to the interface itself, as this will be configured with dynamic VLANs from our MS NPS server. This alone works without any issues.
The issue is that all IP phones used as a bridge to the PC hang in DHCP request state and never get pushed into the voice VLAN. My assumption is that, because the port needs to be authenticated first to gain access, the switch lets the phones hang in an unconfigured state and LLDP is not passing to the device. (PC-Port perfect, PC-Phone-Port only PC gets access)
EX3400 (FW D56)
ge-2/0/0 {
    unit 0 {
        description IP-Test;
        family ethernet-switching {
            storm-control default;
        }
    }
}
protocols {
    dot1x {
        authenticator {
            authentication-profile-name Domain-NPS;
            interface {
                ge-2/0/0.0 {
                    supplicant multiple;
                    retries 3;
                    transmit-period 30;
                    reauthentication 3600;
                    server-timeout 30;
                    maximum-requests 2;
                }
            }
        }
    }
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
}
IP-Phones
Various snom, Cisco and Yealink devices, all the same result.
Some ideas we had so far:
We set the supplicant to single, the user logs on to the PC, the port becomes user-vlan and the phone can get an IP from the user-vlan and, with this, then the LLDP message. This would then not require us to set and configure 802.1X on the IP phone, right? (Currently we do not have it enabled on the IP phones.) Also, using 802.1X on the phone itself would make LLDP-MED useless, as the dynamic VLAN pushed to the phone would do the same work...??... Brain-block
Does someone have a hint as to what we missed? Thx in advance!