Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1597
Views
3
Helpful
3
Replies

802.1x Phone Deployment

Go to solution
rob.alvarado@live.com
Level 1
Level 1

‎02-26-2018 11:42 AM

Good afternoon!

We are wanting to deploy 802.1x throughout all of our phones company wide rather than using MAB authentication. Is there any information in regards to ISE deployments that utilize 802.1x authentication?   All documentation I have found points towards ACS and while that helps I much rather have documentation that pertains to ISE. 

Thanks,

-Robert

1 person had this problem
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎02-26-2018 01:13 PM

You can look at Phone & Collaboration Authentication Capabilities for what devices do what.

Other than that, you will need to provision the phones for 802.1X with Username & Passwords or Certificates.

You typically do this via the Call Manager.

Just be sure that the phones will trust the ISE certificate (dont use self-signed certs!!!) and that ISE will trust the certificate used to sign the phone certificates.

Other than that, follow How To: Universal IOS Switch Config for ISE for switchport configuration.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
thomas
Cisco Employee
Cisco Employee

‎02-26-2018 01:13 PM

You can look at Phone & Collaboration Authentication Capabilities for what devices do what.

Other than that, you will need to provision the phones for 802.1X with Username & Passwords or Certificates.

You typically do this via the Call Manager.

Just be sure that the phones will trust the ISE certificate (dont use self-signed certs!!!) and that ISE will trust the certificate used to sign the phone certificates.

Other than that, follow How To: Universal IOS Switch Config for ISE for switchport configuration.

0 Helpful

Go to solution
rob.alvarado@live.com
Level 1
Level 1
In response to thomas

‎02-26-2018 01:24 PM

Thank you Thomas!

I'm beginning to realize a lot of this is on the call manger side so I think I'm good with ISE.

Man, I really wish I had the Universal ISE Switch Config Document 5 months ago...would have saved me soooooooo much time. 

Nevertheless, thanks for replying in a timely manner. 

-Robert

Go to solution
rob.alvarado@live.com
Level 1
Level 1

‎04-19-2018 02:10 PM

 

Thanks Guys. 

 

 

So we are really starting to ramp this project up and I'm having some issues.

 

 

Before we start I want to say we are going with LSC's rather than MIC's  so what that being said here we go...

 

 

So in regards to the CM Cert.  We were able to export a Root CA CAPF from Call Manage with no issues. I have since uploaded the PEM as a trusted ISE cert.  My problem starts with Authentication.  As of this moment we are utilizing machine certs on our desktops but use an Identify Source Sequence that points to AD for further authentication.

 

 

In my test environment it seems I can only get one of them to work at the same time.  I'm sure I’m missing something from the equation but for the life of me can't think what it is.  I have even attempted to change the Authentication policy but i'm having no luck. 

 

 

Does anyone have any suggestions? 

 

 

You would deff be a life saver!

 

 

Thanks in advance,

 

-Robert

 

 

0 Helpful
Customers Also Viewed These Support Documents