https://community.cisco.com/t5/network-access-control/802-1x-nps-server-cisco-7800-series/m-p/4315213#M566493 <P>Hi there,</P><P>&nbsp;</P><P>I'm trying to deploy 802.1X infrastructure for the first time.</P><P>I have one network with two VLAN one for the data and one for the voice.</P><P>&nbsp;</P><P>I configure my NPS with EAP-TLS and certificate for the authentification.</P><P>&nbsp;</P><P>The certificate are auto enroll via GPO for all the computer.</P><P>&nbsp;</P><P>Everything is working well for Wifi, Switch except one thing.</P><P>&nbsp;</P><P>The IP Phones only authentificate if one supplicant computer is connect behind.</P><P>&nbsp;</P><P>I want to know the best practice to auth the IP Phones too.</P><P>&nbsp;</P><P>The switches are netgear ... not my choice but it's the switches <span class="lia-unicode-emoji" title=":grinning_face_with_smiling_eyes:">😄</span></P><P>&nbsp;</P><P>I never use this kind of ip phones. The easy way to allow and the less secure is to do a NPS Mac auth bypass ? to allow this equipements ? What about install certificate on this equipement ?</P><P>&nbsp;</P><P>Regards</P> Sun, 28 Mar 2021 20:15:00 GMT yvanderunes802438600 2021-03-28T20:15:00Z https://community.cisco.com/t5/network-access-control/802-1x-nps-server-cisco-7800-series/m-p/4315213#M566493 <P>Hi there,</P><P>&nbsp;</P><P>I'm trying to deploy 802.1X infrastructure for the first time.</P><P>I have one network with two VLAN one for the data and one for the voice.</P><P>&nbsp;</P><P>I configure my NPS with EAP-TLS and certificate for the authentification.</P><P>&nbsp;</P><P>The certificate are auto enroll via GPO for all the computer.</P><P>&nbsp;</P><P>Everything is working well for Wifi, Switch except one thing.</P><P>&nbsp;</P><P>The IP Phones only authentificate if one supplicant computer is connect behind.</P><P>&nbsp;</P><P>I want to know the best practice to auth the IP Phones too.</P><P>&nbsp;</P><P>The switches are netgear ... not my choice but it's the switches <span class="lia-unicode-emoji" title=":grinning_face_with_smiling_eyes:">😄</span></P><P>&nbsp;</P><P>I never use this kind of ip phones. The easy way to allow and the less secure is to do a NPS Mac auth bypass ? to allow this equipements ? What about install certificate on this equipement ?</P><P>&nbsp;</P><P>Regards</P> Sun, 28 Mar 2021 20:15:00 GMT https://community.cisco.com/t5/network-access-control/802-1x-nps-server-cisco-7800-series/m-p/4315213#M566493 yvanderunes802438600 2021-03-28T20:15:00Z https://community.cisco.com/t5/network-access-control/802-1x-nps-server-cisco-7800-series/m-p/4315230#M566495 <P>Depends on the phone, some phones support Certificate, some are not, So best practice MAB - rather complicating things.</P> <P>&nbsp;</P> <P>Hoping since you posted in the cisco community NPS is ISE or MS NPS(NPAS)?</P> <P>&nbsp;</P> <P>here is the voice and Data deployment guide ISE point of you :</P> <P>&nbsp;</P> <P><A href="https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515" target="_blank">https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515</A></P> Sun, 28 Mar 2021 22:43:11 GMT https://community.cisco.com/t5/network-access-control/802-1x-nps-server-cisco-7800-series/m-p/4315230#M566495 balaji.bandi 2021-03-28T22:43:11Z https://community.cisco.com/t5/network-access-control/802-1x-nps-server-cisco-7800-series/m-p/4315357#M566499 <P>Thank you for your answer. I'm using Microsoft NPS services.&nbsp;</P> Mon, 29 Mar 2021 09:15:16 GMT https://community.cisco.com/t5/network-access-control/802-1x-nps-server-cisco-7800-series/m-p/4315357#M566499 yvanderunes802438600 2021-03-29T09:15:16Z https://community.cisco.com/t5/network-access-control/802-1x-nps-server-cisco-7800-series/m-p/4315400#M566500 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/988107">@yvanderunes802438600</a></P><P>&nbsp;please take a look at the link:&nbsp;<A href="https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cuipph/7800-series/english/admin-guide/pa2d_b_7800-series-admin-guide-cucm/pa2d_b_7800-series-admin-guide-cucm_chapter_01001.html" target="_blank" rel="noopener">7800 Series Phone Security</A>. for more information on the <STRONG>Cisco IP Phone 7800 Series</STRONG>.</P><P>Note: the <STRONG>IP Phone 7800 Series</STRONG> can be connect to the <STRONG>Cisco Communication Manager Call Control</STRONG> or with a <STRONG>Third-Party Call Control</STRONG>, please double check what is your case.</P><P>&nbsp;</P><P>Hope this helps !!!</P><P>&nbsp;</P> Mon, 29 Mar 2021 11:23:39 GMT https://community.cisco.com/t5/network-access-control/802-1x-nps-server-cisco-7800-series/m-p/4315400#M566500 Marcelo Morais 2021-03-29T11:23:39Z https://community.cisco.com/t5/network-access-control/802-1x-nps-server-cisco-7800-series/m-p/4315532#M566508 <P>Thank you for the advice. I found this link :&nbsp;<A href="https://social.technet.microsoft.com/Forums/en-US/6d78c698-a087-48cb-bc73-9566aa61bf10/using-nps-with-cisco-ip-phones?forum=winserverNAP" target="_blank">https://social.technet.microsoft.com/Forums/en-US/6d78c698-a087-48cb-bc73-9566aa61bf10/using-nps-with-cisco-ip-phones?forum=winserverNAP</A></P><P>&nbsp;</P><P>I'm going to follow indication to do auth ip phones with the MIC certificate cisco and map after on username.</P> Mon, 29 Mar 2021 15:46:04 GMT https://community.cisco.com/t5/network-access-control/802-1x-nps-server-cisco-7800-series/m-p/4315532#M566508 yvanderunes802438600 2021-03-29T15:46:04Z