cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2118
Views
0
Helpful
2
Replies

ISE Compatibility with Alcatel-Lucent phone

Melantrix
Level 1
Level 1

Hello,

 

In our ISE deployment, we've alcatel-Lucent phones.

 

For now the phones are authenticated with MAB, but all phone's support  Dot1x .

I've checked and downloaded certificates from the website of Alcatel Lucent. but still the phone's said Dot1x auth failed.

 

Mab worked, but we're recieving errors as we can see in ISE:

 

12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain
12508 EAP-TLS handshake failed

 

Portconfig:

switchport mode access
switchport voice vlan 319
ip access-group permitany in
authentication host-mode multi-domain
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast

 

Could anyone help me further?

 

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

I would suggest to perform a packet capture and check what is the unknown CA certificate. Once identified, you may import it to ISE Trusted Certificates and enable it for client authentications.

View solution in original post

2 Replies 2

hslai
Cisco Employee
Cisco Employee

I would suggest to perform a packet capture and check what is the unknown CA certificate. Once identified, you may import it to ISE Trusted Certificates and enable it for client authentications.

lotusbakeries
Level 1
Level 1

I just found the certificates to add to ISE on Reddit, credits to the original poster.

Alcatel phone certificates