Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1558
Views
15
Helpful
4
Replies

802.1X NPS SERVER / CISCO 7800 SERIES

yvanderunes802438600
Level 1
Level 1

‎03-28-2021 01:15 PM

Hi there,

 

I'm trying to deploy 802.1X infrastructure for the first time.

I have one network with two VLAN one for the data and one for the voice.

 

I configure my NPS with EAP-TLS and certificate for the authentification.

 

The certificate are auto enroll via GPO for all the computer.

 

Everything is working well for Wifi, Switch except one thing.

 

The IP Phones only authentificate if one supplicant computer is connect behind.

 

I want to know the best practice to auth the IP Phones too.

 

The switches are netgear ... not my choice but it's the switches

 

I never use this kind of ip phones. The easy way to allow and the less secure is to do a NPS Mac auth bypass ? to allow this equipements ? What about install certificate on this equipement ?

 

Regards

Labels:
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎03-28-2021 03:43 PM

Depends on the phone, some phones support Certificate, some are not, So best practice MAB - rather complicating things.

 

Hoping since you posted in the cisco community NPS is ISE or MS NPS(NPAS)?

 

here is the voice and Data deployment guide ISE point of you :

 

https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

yvanderunes802438600
Level 1
Level 1
In response to balaji.bandi

‎03-29-2021 02:15 AM

Thank you for your answer. I'm using Microsoft NPS services. 

Marcelo Morais
VIP
VIP

‎03-29-2021 04:23 AM

Hi @yvanderunes802438600

 please take a look at the link: 7800 Series Phone Security. for more information on the Cisco IP Phone 7800 Series.

Note: the IP Phone 7800 Series can be connect to the Cisco Communication Manager Call Control or with a Third-Party Call Control, please double check what is your case.

 

Hope this helps !!!

 

0 Helpful

yvanderunes802438600
Level 1
Level 1
In response to Marcelo Morais

‎03-29-2021 08:46 AM

Thank you for the advice. I found this link : https://social.technet.microsoft.com/Forums/en-US/6d78c698-a087-48cb-bc73-9566aa61bf10/using-nps-with-cisco-ip-phones?forum=winserverNAP

 

I'm going to follow indication to do auth ip phones with the MIC certificate cisco and map after on username.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents