When a Cisco IP Phone is plugged into a port that is configured with a Voice VLAN and single-host mode, the phone will be
silently allowed onto the network by way of a feature known as Cisco Discovery Protocol Bypass. The phone (or any device)
that sends the appropriate Type Length Value (TLV) in a Cisco Discovery Protocol message will be allowed access to the voice
In Cisco Discovery Protocol Bypass mode, Cisco Disocvery Protocol packets are received and transmitted unchanged. Received
packets are not processed. No packets are generated. In this mode, 'bump-in-the-wire' behaviour is applied to Cisco Discovery
Protocol packets. This is a backward compatible mode, equivalent to not having Cisco Discovery Protocol support.
In Cisco Discovery Protocol Bypass mode authentication sessions are established in single and multi-host modes for IP Phones.
However, if voice VLAN and 802.1x on an interface port is enabled, then Cisco Discovery Protocol Bypass is enabled when the
host mode is set to single or multi-host mode.
It is possible to use the Multi-Domain Authentication (MDA) feature instead of Cisco Discovery Protocol Bypass feature as
it provides better Access Control, Visibility and Authorization.
By default the host mode is set to single mode in legacy mode and multi-authentication in the edge mode.
Cisco Discovery Protocol Enhancement for Second Port Disconnect—Allows a Cisco IP phone to send a Cisco Discovery Protocol
message to the switch when a host unplugs from behind the phone. The switch is then able to clear any authenticated session
for the indirectly connected host, the same as if the host had been directly connected and the switch had detected a link
down event. This is supported in latest IP telephones.
Cisco Discovery Protocol Bypass provides no support for third-party phones—Cisco Discovery Protocol Bypass works only with