It is required that any interface can authenticate user, phone and PC, the deploy is this:
- All PC are connected to IP Phone
- IP Phone are connected to switch
- Switch interface must authenticate IP Phone MAC on RADIUS server.
- Also, the user on the PC behind the IP Phone must be able to authenticate with network domain user/password through dot1x on RADIUS server, if the credentials are correct, user can access the network.
- After this, the PC gets IP with DHCP.
Topology like this :