Cisco IP 7841 802.1x Configuration

gercedeno · ‎02-13-2015

Hello Team,

I am working with a customer that requires 802.1x configured on their environment. Based on my research so far, I believe this is only way to make this work. Have any of you done this differently? Any feedback is greatly appreciated.

CUCM

Run the CTL Client to install the e-token so the CUCM Publisher can run the CAPF service
Export the Cisco_Root_CA cert and upload it to a Radius server (preferably Cisco ACS if possible) so the phones can authenticate with
Assign the cert to each phone that requires 802.1x authentication

LAN Switches

Stage the LAN switches without 802.1x so phones can retrieve the cert and complete the authentication before turning on 802.1x

Questions

Can phones be authenticated with its own MIC and the PCs with their own? Do phones and PCs have to run the same cert?
Is the MAB the only method to bypass the 802.1x phone authentication so only the PC can be authenticate via 802.1x without requiring the phone to do the 802.1x authentication?

Thanks in advance for your feedback,

Gerson

Jaime Valencia · ‎02-13-2015

This is Video Over IP, please move to a relevant area

HTH

java

if this helps, please rate

gercedeno · ‎02-13-2015

Jaime,

Thanks for pointing me to the correct area. By the way, do you have experience enabling 802.1x in CUCM? If so, do you think I am going in the right direction? Could you also provide some feedback on my questions?

Thanks,

Gerson

rramlal · ‎02-20-2015

Hello,

I am also working on a solution for this and have the same questions. Were you able to implement this solution?