I'm deploying 802.1x in my company. We are using VM Win 2998 R2 Server as our Radius Server. Cisco 3750 layer3 switch running IOS 15.0(2) and Shoretel phone system running Build 13.
So far, all the printers, wired and wireless PC are able authenticated and obtain IP address for the corporate network. However, we are having problem with the Shoretel phones.
we do not want to authenticate the phones so we disabled 802.1x feature and enabled LLDP for our Shoretel phone and On the cisco 3750 switch, we enabled LLDP.
The port is configured as follow
switchport access vlan 10
switchport mode access
switchport voice vlan 110
authentication event fail action authorize vlan 99
authentication event no-response action authorize vlan 99
authentication host-mode multi-host
authentication violation protect
dot1x pae authenticator
dot1x timeout tx-period 5
dot1x max-reauth-req 3
When we do debug dot1x all, we can see that the phone is forced to authenticate even with 802.1x is set to off on the phone. The phone fails the authentication eventually
This is the same configuration that we have for the first office we implemented and everything works fine. The phone is working as it should. The only different is that in this first office, the shoretel phone system is running Build 12 and Cisco access-layer switch is 2975 running IOS 12.2.
I'm working with Cisco but it seems like they don't know the cause of it.
Do you guys experience the same problem?