cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1292
Views
3
Helpful
3
Replies

802.1x Phone Deployment

Good afternoon!

We are wanting to deploy 802.1x throughout all of our phones company wide rather than using MAB authentication. Is there any information in regards to ISE deployments that utilize 802.1x authentication?   All documentation I have found points towards ACS and while that helps I much rather have documentation that pertains to ISE. 

Thanks,

-Robert

1 Accepted Solution

Accepted Solutions

thomas
Cisco Employee
Cisco Employee

You can look at Phone & Collaboration Authentication Capabilities for what devices do what.

Other than that, you will need to provision the phones for 802.1X with Username & Passwords or Certificates.

You typically do this via the Call Manager.

Just be sure that the phones will trust the ISE certificate (dont use self-signed certs!!!) and that ISE will trust the certificate used to sign the phone certificates.

Other than that, follow How To: Universal IOS Switch Config for ISE for switchport configuration.

View solution in original post

3 Replies 3

thomas
Cisco Employee
Cisco Employee

You can look at Phone & Collaboration Authentication Capabilities for what devices do what.

Other than that, you will need to provision the phones for 802.1X with Username & Passwords or Certificates.

You typically do this via the Call Manager.

Just be sure that the phones will trust the ISE certificate (dont use self-signed certs!!!) and that ISE will trust the certificate used to sign the phone certificates.

Other than that, follow How To: Universal IOS Switch Config for ISE for switchport configuration.

Thank you Thomas!

I'm beginning to realize a lot of this is on the call manger side so I think I'm good with ISE.

Man, I really wish I had the Universal ISE Switch Config Document 5 months ago...would have saved me soooooooo much time. 

Nevertheless, thanks for replying in a timely manner. 

-Robert

 

Thanks Guys. 

 

 

So we are really starting to ramp this project up and I'm having some issues.

 

 

Before we start I want to say we are going with LSC's rather than MIC's  so what that being said here we go...

 

 

So in regards to the CM Cert.  We were able to export a Root CA CAPF from Call Manage with no issues. I have since uploaded the PEM as a trusted ISE cert.  My problem starts with Authentication.  As of this moment we are utilizing machine certs on our desktops but use an Identify Source Sequence that points to AD for further authentication.

 

 

In my test environment it seems I can only get one of them to work at the same time.  I'm sure I’m missing something from the equation but for the life of me can't think what it is.  I have even attempted to change the Authentication policy but i'm having no luck. 

 

 

Does anyone have any suggestions? 

 

 

You would deff be a life saver!

 

 

Thanks in advance,

 

-Robert

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: