cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

130
Views
1
Helpful
4
Replies
Highlighted
Beginner

Wired ISE question

I have a rule in wired MAB called VOIP Phones. I am trying to determine how the phone is getting authorized in

WIRED MAB POLICY.GIF

the switchport configuration is below:

interface GigabitEthernet0/13

description Dan's Desk1

switchport access vlan 102

switchport mode access

switchport voice vlan 200

switchport port-security maximum 100

switchport port-security

switchport port-security aging time 1

switchport port-security violation restrict

switchport port-security aging type inactivity

no logging event link-status

authentication event fail action authorize vlan 31

authentication event server dead action authorize vlan 31

authentication event no-response action authorize vlan 31

authentication host-mode multi-host

authentication order dot1x mab webauth

authentication priority dot1x mab webauth

authentication port-control auto

authentication periodic

authentication violation protect

mab

mls qos trust device cisco-phone

mls qos trust cos

dot1x pae authenticator

dot1x timeout quiet-period 10

dot1x timeout tx-period 15

dot1x timeout supp-timeout 7

spanning-tree portfast

Everyone's tags (6)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Wired ISE question

ISE utilizes a multitude of methods to profile Cisco IP Phones.  DHCP, CDP, LLDP, NMAP, OS, Platform, etc.

You can look at the Device Profile Policy to get an idea:

IP_Phones.PNG

To see how each phone is actually being identified and profiled within ISE, you need to look at the Profiled Endpoints Summary by going to Operations > Reports > Endpoints and Users and selecting the report.

Profile_Report.PNG

4 REPLIES 4
Contributor

Re: Wired ISE question

What do you mean “how the phone is getting authorized?” Have you searched the live log for the phone’s mac address?

Beginner

Re: Wired ISE question

The MAC address for the phones does not show up in live logs

Cisco Employee

Re: Wired ISE question

ISE utilizes a multitude of methods to profile Cisco IP Phones.  DHCP, CDP, LLDP, NMAP, OS, Platform, etc.

You can look at the Device Profile Policy to get an idea:

IP_Phones.PNG

To see how each phone is actually being identified and profiled within ISE, you need to look at the Profiled Endpoints Summary by going to Operations > Reports > Endpoints and Users and selecting the report.

Profile_Report.PNG

Beginner

Re: Wired ISE question

Thanks.  That helps