(Optional) Configuring Voice Terminals to Go Online Without Authentication
Context
When both data terminals (such as PCs) and voice terminals (such as IP phones) are connected to switches, NAC is configured on the switches to manage and control the data terminals. The voice terminals, however, only need to connect to the network without being managed and controlled. In this case, you can configure the voice terminals to go online without authentication on the switches. Then the voice terminals identified by the switches can go online without authentication.
If an 802.1X user initiates authentication through a voice terminal, a switch preferentially processes the authentication request. If the authentication succeeds, the terminal obtains the corresponding network access rights. If the authentication fails, the switch identifies the terminal type and enables the terminal to go online without authentication.
Pre-configuration Tasks
To enable the switches to identify the voice terminals, enable LLDP or configure OUI for the voice VLAN on the switches. For details, see "Configuring Basic LLDP Functions" in "LLDP Configuration" in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - Network Management and Monitoring or "Configuring a Voice VLAN Based on a MAC Address" in "Voice VLAN Configuration" in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - Ethernet Switching. If a voice device supports only CDP but does not support LLDP, configure CDP-compatible LLDP on the switch using lldp compliance cdp receive command.
Procedure
- Run system-view
The system view is displayed.
- Run authentication device-type voice authorize [ user-group group-name ]
The voice terminals are enabled to go online without authentication.
By default, voice terminals are disabled from going online without authentication.
Voice terminals can obtain the corresponding network access rights after they pass authentication and go online, when user-group group-name is not specified. When user-group group-name is specified, voice terminals can obtain the network access rights specified by the user group after they go online. To use a user group to define network access rights for voice terminals, run the user-group group-name command to create a user group and configure network authorization information for the users in the group. Note that the user group takes effect only after it is enabled.
If you run this command repeatedly, the latest configuration overrides the previous ones.