8021X Port Mode - Voice VLAN fails

Has anyone configured Sophos switch: Security > 802.1X > Port Settings > Mode Auto?  I have Microsoft NPS which which is authenticating domain computers as it should, but the switch doesn't seem to want to query voice devices for auth on the switch port, instead it dumps them into the Guest VLAN.  Setting 802.1X Mode > Force_authorized makes the voice vlan work, but this obviously leaves the port open to all.

When testing I capture the network traffic from the switch to the RADIUS server (Microsoft NPS) and see the domain computer authentication requests go over.  When I plug a phone in, nothing.  Not a single packet, so it appears the switch does not implement MAB in any way.  I can't see any MAB options in the switch configuration either in GUI or CLI.  Sophos claim the switch supports it, but their documentation doesn't make mention of it.

Running firmware v01.2.1091, has anyone got this working?  If so, would you mind sharing an example config?



Added TAGs
[edited by: Erick Jan at 3:44 AM (GMT -8) on 11 Jan 2024]
Parents
  • Answering my own question. Support say:

    We have checked it now with product team and found that MAB Authentication feature is currently not available in Sophos Switch.
    Its a know issue and it is expected to release/fixed in MR-3 release of switch Firmware.
    There is a Tentative release date of this MR version in April 2023 but its not confirmed as of the moment.

    So no matter what I won't be able to make this work until it's implemented.

Reply
  • Answering my own question. Support say:

    We have checked it now with product team and found that MAB Authentication feature is currently not available in Sophos Switch.
    Its a know issue and it is expected to release/fixed in MR-3 release of switch Firmware.
    There is a Tentative release date of this MR version in April 2023 but its not confirmed as of the moment.

    So no matter what I won't be able to make this work until it's implemented.

Children
No Data