The authentication device-type voice authorize command enables voice terminals to go online without authentication.
The undo authentication device-type voice authorize command disables voice terminals from going online without authentication.
By default, voice terminals are disabled from going online without authentication.
authentication device-type voice authorize [ user-group group-name ]
undo authentication device-type voice authorize [ user-group ]
Parameter | Description | Value |
---|---|---|
user-group group-name | Specifies the name of the user group based on which network access rights are assigned to voice terminals. | The value must be an existing user group name. |
Usage Scenario
When both data terminals (such as PCs) and voice terminals (such as IP phones) are connected to switches, NAC is configured on the switches to manage and control the data terminals. The voice terminals, however, only need to connect to the network without being managed and controlled. In this case, you can configure the voice terminals to go online without authentication on the switches. Then the voice terminals identified by the switches can go online without authentication.
Precautions
To enable the switches to identify the voice terminals, enable LLDP or configure OUI for the voice VLAN on the switches. For details, see "Configuring Basic LLDP Functions" in "LLDP Configuration" in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - Network Management and Monitoring or "Configuring a Voice VLAN Based on a MAC Address" in "Voice VLAN Configuration" in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - Ethernet Switching. If a voice device supports only CDP and does not support LLDP, configure CDP-compatible LLDP on the switch using the lldp compliance cdp receive command.
If an 802.1X user initiates authentication through a voice terminal, a switch preferentially processes the authentication request. If the authentication succeeds, the terminal obtains the corresponding network access rights. If the authentication fails, the switch identifies the terminal type and enables the terminal to go online without authentication.
When user-group group-name is not specified, voice terminals can obtain the corresponding network access rights after they pass authentication and go online. When user-group group-name is specified, voice terminals can obtain the network access rights specified by the user group after they go online. To use a user group to define network access rights for voice terminals, run the user-group group-name command to create a user group and configure network authorization information for the users in the group. Note that the user group takes effect only after it is enabled.
If you run this command repeatedly, the latest configuration overrides the previous ones.
This function takes effect only for users who go online after this function is successfully configured.
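The precautions above can be checked mechanically when reviewing a change script. The following Python audit is an added example, not Huawei code: it replays a command list in order and reports the effective bypass setting and any unmet precaution. It assumes the input covers a single scope, that `lldp enable` and `voice-vlan mac-address` are the lines that provide terminal identification, and that a bare `user-group <name>` line creates the group; the sample input is constructed.

```python
import re

# The command documented above, as it would be typed (optional user-group).
ENABLE = re.compile(r"^authentication device-type voice authorize(?: user-group (\S+))?$")
DISABLE = "undo authentication device-type voice authorize"
GROUP_DEF = re.compile(r"^user-group (\S+)$")  # assumed form of the group-creation line
# Assumed forms of the identification prerequisites (LLDP or voice VLAN OUI).
IDENTIFY = ("lldp enable", "voice-vlan mac-address ")


def audit_voice_bypass(commands: str) -> dict:
    """Replay commands in order and report the effective bypass setting."""
    enabled, group = False, None  # default: bypass disabled
    defined, can_identify = set(), False
    for raw in commands.splitlines():
        line = raw.strip()
        m = ENABLE.match(line)
        if m:
            enabled, group = True, m.group(1)  # latest configuration overrides
        elif line == DISABLE:
            enabled, group = False, None
        elif GROUP_DEF.match(line):
            defined.add(GROUP_DEF.match(line).group(1))
        elif line.startswith(IDENTIFY):
            can_identify = True
    findings = []
    if enabled and group is None:
        findings.append("bypass enabled with no user-group scoping access rights")
    if enabled and group is not None and group not in defined:
        findings.append(f"user-group {group} is not defined")
    if enabled and not can_identify:
        findings.append("no LLDP or voice VLAN OUI: voice terminals cannot be identified")
    return {"enabled": enabled, "user_group": group, "findings": findings}


# Constructed sample input, not taken from a real device.
SAMPLE = """\
lldp enable
user-group voice-acl
authentication-profile name p1
 authentication device-type voice authorize
 authentication device-type voice authorize user-group voice-acl
"""

if __name__ == "__main__":
    print(audit_voice_bypass(SAMPLE))
```

The `undo ... user-group` form is deliberately not replayed, because the page does not state its effect; whether a group has been enabled is also left to manual review.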