Certificate for Call Manager needed for 802.1x authentication

rramlal
Level 1

Hi,

I am trying to design a solution for a customer that requires 802.1x authentication on both their client devices and Cisco IP phones. I read in a design guide that we can use an external CA-signed certificate for the authentication. Can someone guide me on how this can be done? Do I generate the certificate and then upload it into Call Manager? And what happens next, will I have to generate a new root certificate so that I can use it on an NPS server?

I would love it if someone could respond, since there aren't many guides out there that discuss the process using Microsoft Network Policy Server.

2 Replies

James Hawkins
Level 8

Have you seen the guide at the link below?

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/IP_Tele/IP_Telephony_DIG.html

The doc below also has some good content relating to certs which will help you understand how they work.

http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-presence/116917-technote-certificate-00.html

I've been looking for a guide like the one above, but one that references ISE instead of the old ACS platform. I already had the guide linked above; it was last updated in July of 2014 and unfortunately it only references ACS, which was replaced by ISE.

I am not familiar with ISE and its interface and won't get access to it for a few weeks (our security group has a lab, but it's being rebuilt and upgraded, so I haven't gotten access to it yet), and I wanted to get a design together beforehand. So, my question is, do you pretty much follow the same steps to get your phones authenticated with ISE as you did with ACS in the old document? Are their interfaces so similar that it doesn't necessitate a new document on Cisco's part?

I think it's crazy that there's this whole new platform out there to do 802.1x on, but the only document that's floating around the internet that explains how to configure it is from over a year ago, using an old platform that has been replaced.

If anyone has any answers or info, that would be great. I've searched with every possible combo of 802.1x/Cisco IP Phone/ISE I could come up with, and I always get the same results with the same old doc I've had for 6+ months. I also went through the 900+ page ISE 1.3 Admin guide and came away with nothing except bits and pieces of basic authentication info I already know.

Thanks in advance!!

-Dayne