cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
772
Views
1
Helpful
4
Replies

Wired ISE question

d.worthley
Level 1
Level 1

I have a rule in wired MAB called VOIP Phones. I am trying to determine how the phone is getting authorized in

WIRED MAB POLICY.GIF

the switchport configuration is below:

interface GigabitEthernet0/13

description Dan's Desk1

switchport access vlan 102

switchport mode access

switchport voice vlan 200

switchport port-security maximum 100

switchport port-security

switchport port-security aging time 1

switchport port-security violation restrict

switchport port-security aging type inactivity

no logging event link-status

authentication event fail action authorize vlan 31

authentication event server dead action authorize vlan 31

authentication event no-response action authorize vlan 31

authentication host-mode multi-host

authentication order dot1x mab webauth

authentication priority dot1x mab webauth

authentication port-control auto

authentication periodic

authentication violation protect

mab

mls qos trust device cisco-phone

mls qos trust cos

dot1x pae authenticator

dot1x timeout quiet-period 10

dot1x timeout tx-period 15

dot1x timeout supp-timeout 7

spanning-tree portfast

1 Accepted Solution

Accepted Solutions

ISE utilizes a multitude of methods to profile Cisco IP Phones.  DHCP, CDP, LLDP, NMAP, OS, Platform, etc.

You can look at the Device Profile Policy to get an idea:

IP_Phones.PNG

To see how each phone is actually being identified and profiled within ISE, you need to look at the Profiled Endpoints Summary by going to Operations > Reports > Endpoints and Users and selecting the report.

Profile_Report.PNG

View solution in original post

4 Replies 4

gbekmezi-DD
Level 5
Level 5

What do you mean “how the phone is getting authorized?” Have you searched the live log for the phone’s mac address?

The MAC address for the phones does not show up in live logs

ISE utilizes a multitude of methods to profile Cisco IP Phones.  DHCP, CDP, LLDP, NMAP, OS, Platform, etc.

You can look at the Device Profile Policy to get an idea:

IP_Phones.PNG

To see how each phone is actually being identified and profiled within ISE, you need to look at the Profiled Endpoints Summary by going to Operations > Reports > Endpoints and Users and selecting the report.

Profile_Report.PNG

Thanks.  That helps

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: