12-20-2019 09:42 AM
Good Day!
So, we have our ISE policy sets to use MAB for our VoIP phones. The issue presented to me is that a "rogue" computer can change its MAC to the phone's, disconnect the phone and plug in the rogue computer. Because that MAC is listed in my IP phones group, it's allowing the workstation to connect (on the voice VLAN).
I'm curious if anyone has suggestions, or maybe I'm looking at it the wrong way.
My thoughts so far; sometimes just writing stuff down and asking questions helps me solve and explore options.
1.) Even if I do VoIP 802.1x I would still have the failover of using the MAC to authorize the phones.
2.) Can you call out if this device is using MAB, and the MAC is listed in my IP-PHONE MAC table, that it has to still show up in CDP as a Cisco phone?
3.) Our authorization profile just has "Voice Domain Permission". This place is already stupid crazy with ACLs and changes things too often to keep it clean, and this would be a last resort to have a very restrictive ACL.
4.) If a device uses MAB, does it still send all the RADIUS attributes of the connecting device?
Thanks for the effort if you are reading this.
12-20-2019 09:48 AM
Here is the Switch Interface:
interface GigabitEthernet1/0/34
 description P12-44 some dude
 switchport access vlan 12
 switchport mode access
 switchport voice vlan 16
 authentication control-direction in
 authentication event fail action next-method
 authentication host-mode multi-domain
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
Here is ISE Authorization Profile:
Access Type = ACCESS_ACCEPT
cisco-av-pair = device-traffic-class=voice
12-23-2019 01:58 AM
Hi
ISE has a feature called Anomalous Endpoint Detection to detect if a device's attributes change:
hth
Andy
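The attribute-change idea from the answer above, as an added example that is not part of the original thread and is not ISE's own code: it keeps the first sighting of each MAC as a baseline and reports any later sighting whose profiling attributes differ. The record fields, the set of tracked attributes and the sample data are assumptions constructed for illustration.

```python
# Added illustration, not ISE code. Field names and sample records are constructed.
from dataclasses import dataclass

# Attributes compared between sightings of the same MAC (an assumption for this sketch).
TRACKED = ("nas_port_type", "dhcp_class_id", "cdp_platform")

@dataclass(frozen=True)
class Sighting:
    mac: str
    nas_port_type: str
    dhcp_class_id: str
    cdp_platform: str  # empty string when the device sent no CDP

def normalize_mac(mac: str) -> str:
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def find_anomalies(sightings):
    """Return (mac, attribute, old, new) for every tracked attribute that
    differs from the first sighting (the baseline) of that MAC."""
    baseline, findings = {}, []
    for s in sightings:
        mac = normalize_mac(s.mac)
        first = baseline.setdefault(mac, s)
        for attr in TRACKED:
            old, new = getattr(first, attr), getattr(s, attr)
            if old != new:
                findings.append((mac, attr, old, new))
    return findings

# Constructed sample: two phones, then the first phone's MAC reappears
# with workstation-like attributes while the second phone is unchanged.
PHONE_DHCP = "Cisco Systems, Inc. IP Phone CP-8841"
PHONE_CDP = "Cisco IP Phone 8841"
SAMPLE = [
    Sighting("00:11:22:AA:BB:01", "Ethernet", PHONE_DHCP, PHONE_CDP),
    Sighting("00:11:22:AA:BB:02", "Ethernet", PHONE_DHCP, PHONE_CDP),
    Sighting("0011.22aa.bb01", "Ethernet", "MSFT 5.0", ""),
    Sighting("00-11-22-aa-bb-02", "Ethernet", PHONE_DHCP, PHONE_CDP),
]

if __name__ == "__main__":
    for mac, attr, old, new in find_anomalies(SAMPLE):
        print(f"{mac}: {attr} changed from {old!r} to {new!r}")
```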
12-31-2019 08:29 AM
Thank you for the info!