10-03-2017 02:45 PM
Greetings,
Just wanted to see if people have ideas or best practices. We are moving from an Avaya system using 802.1x username to log onto the network. We just got a dev system up yesterday for Cisco and they only do cert based 802.1x.
Right now I have ISE checking a field in the cert and letting them on, but auth fails since the cert is not from our domain.
So, here is my questions.
1: What is the best secure way to handle the phones?
2: If 802.1x cert, hat is the best way to issue/authz them?
(I'm not sure if UCS can be a CA, or ISE can do it)
We are on ISE 2.3
Thanks,
Solved! Go to Solution.
10-03-2017 08:13 PM
I have only played around with certs on the Cisco phones briefly, but you have two options:
Check out the 802.1x IP Telephony Design guide for more information:
10-03-2017 08:13 PM
I have only played around with certs on the Cisco phones briefly, but you have two options:
Check out the 802.1x IP Telephony Design guide for more information:
10-04-2017 09:26 AM
Thanks,
I didn't remember the cert being on ISE.I like the idea of a domain LSC,
This is also the fun of someone spending money and expecting you to implement after the fact with no prior info.
10-04-2017 10:21 AM
These are the certs in the trusted cert section I am talking about:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide