Page 1 of 1

Digium phones don't support 802.1X passthru authentication

PostPosted: Thu May 01, 2014 1:43 pm
by jdquigley
We ran into a wall with a large health care customer who is deploying a NAC to apply policy at the switchport.

Digium phones do not allow 802.1X authentication to devices connected to the PC port. In all fairness, per the RFC, it isn't supposed to. But other phone mfg's such as Cisco, Avaya, Polycom and Shoretel make the exception and have the ability to allow this 802.1X pass through to occur.

Has anyone else ran into this problem? I have the feature request submitted. NAC is becoming more typical in the Enterprise, and the BYOD world is having more and more SMBs looking at dynamic policy at the switchport (or access point) for security and management.

I want to get this out there as a warning to others and hopefully get some traction to put this on the development roadmap for phone firmware.

Re: Digium phones don't support 802.1X passthru authentication

PostPosted: Thu Feb 26, 2015 11:03 am
by brumar59
We are in the same boat. We use Cisco Identity Services Engine to lock down the edge and in the few cases where walljacks are lacking and computers are connected to the PC port of a Digium phone, passthru auth isn't working, so we have to disable ISE on those switch ports. Which, of course, we don't want to do.

I hope Digium changes this but in the mean time, we'll just have to run additional cabling with wall jacks.