Solved: Re: Cisco 3905 IP Phone and Ise 2.4 802.1x

Charles.White · ‎12-02-2021

Hi all,

I am in the process of setting up (testing) 802.1x on a single switch. I have AD machines working. As well as IP phones 8851 and 7841 (Using CAPF). But I cannot get 3905s to authenticate correctly. They don't have the cert settings like the other phones.

What policy set condition should I be using to authenticate 3905 Phones or is it not possible? I fee like it should be possible with EAP-MD5 but I just don't see how to set it up correctly.

Cisco ISE 2.4 update 14

Switch C3560C 12.2(55)EX2

Thanks

Charles

Greg Gibbs · ‎12-02-2021

See a similar scenario and suggestion in this post - 7937G EAP MD5 ISE

The alternative is to use MAB + Profiling to authorise the phone. There is no specific default Profiling Policy for the 3905 (probably since it's been End of Support since Jan 2019), but you could create one based on the CDP info seen by ISE.

View solution in original post

balaji.bandi · ‎12-02-2021

If they are not have supplicant, then you need to go with MAB authentication

https://www.youtube.com/watch?v=t5ATkDaZvAM

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Greg Gibbs · ‎12-02-2021

See a similar scenario and suggestion in this post - 7937G EAP MD5 ISE

The alternative is to use MAB + Profiling to authorise the phone. There is no specific default Profiling Policy for the 3905 (probably since it's been End of Support since Jan 2019), but you could create one based on the CDP info seen by ISE.

Charles.White · ‎12-03-2021

I finally got it working before you replied but was getting Unknown or Invalid for the name. And that post has how to fix that issue. Thank you!

Charles