Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
993
Views
0
Helpful
5
Replies

intregation Cisco Unified communication manager 7 with ACS cisco Segure

Go to solution
eljose_lol
Level 1
Level 1

‎06-14-2011 12:11 PM - edited ‎03-16-2019 05:27 AM

Hi All!

Can do CCM V7 be integrated with ACS for autentication IP Phones?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame
In response to eljose_lol

‎06-15-2011 01:45 PM

There is a model-specific configuration parameter that allows you to enable/disable 802.1x support on the Device Configuration page.

What do you want the phone to use to authenticate itself? Unless you want users to be authenticating the phone with their user credentials the document I referenced is your place to start. You'll need to get certificates deployed to the phones so they can provide that to the switch for authentication.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎06-15-2011 06:28 AM

Yes. You can place the cluster in mixed mode, have CAPF generate LSC certificates to the phones as a subordinate CA to your internal root CA, and then have the phones perform 802.1x authentication. This is not a trivial task though. Here's the document to get you started: Cisco Unified Communications Manager Security Guide, Release 7.1(2)

Note that you can also use the MIC (that term will make sense after reading the security guide) to provide limited network access for a phone without an LSC. The intention here is to provide the phone enough access to enroll in an LSC through CUCM CAPF and then re-authenticate to the switch for full network access with it's LSC.

0 Helpful

Go to solution
eljose_lol
Level 1
Level 1
In response to Jonathan Schulenberg

‎06-15-2011 01:36 PM

Hi Jonathan

In my case i need to phones authentication via 802.1x with ACS. Where i can do this in the CCM?

thanks

0 Helpful

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame
In response to eljose_lol

‎06-15-2011 01:45 PM

There is a model-specific configuration parameter that allows you to enable/disable 802.1x support on the Device Configuration page.

What do you want the phone to use to authenticate itself? Unless you want users to be authenticating the phone with their user credentials the document I referenced is your place to start. You'll need to get certificates deployed to the phones so they can provide that to the switch for authentication.

0 Helpful

Go to solution
eljose_lol
Level 1
Level 1
In response to Jonathan Schulenberg

‎06-17-2011 09:01 AM

ok, and how to get certificates deployed to the phones so they can provide that to the switch for authentication?

+5 thanks a lot, keep in contact,

0 Helpful

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame
In response to eljose_lol

‎06-29-2011 10:02 AM

Getting certificates on the phone is no small task. The security guide is your best reference. Here are the high-level steps from memory:

  1. Order a pair of hardware tokens (part KEY-CCM-ADMIN-K9=). You must have at least two! These are the private keys that you will use for signing the Certificate Trust List (CTL).
  2. Activate the server-side services (CAPF and CTL).
  3. Configure the CTL Client
  4. Instruct phones to install an LSC.

Table 7-2 outlines the steps/order for you in far greater detail. Again, I recommend doing this in a lab and reading the entire security guide first. This is easy to mess up.

0 Helpful
Customers Also Viewed These Support Documents