Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2596
Views
15
Helpful
4
Replies

mac auth

Go to solution
suthomas1
Level 6
Level 6

‎08-04-2021 05:55 PM

Good day all,

 

To get an IP phone connected to network via mac auth, is there any setting to be done on the ip phone itself?

there appears to be an authentication/802.1x option in it...what state does it need to be in for successful  mac-auth.

 

Thanks in advance.

1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to suthomas1

‎08-04-2021 06:47 PM

If you're OK with the phones doing mab then that's fine. They will work without issue.

 

Yes, you would enable the phones to do 802.1x and eap-tls if you wanted to use the mic cert. 

View solution in original post

4 Replies 4

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎08-04-2021 06:07 PM

Most rely on mac auth aka MAB to authorize phones to the network. Depending on the vendor, you certainly could leverage the phone supplicant to do 802.1x, I see a mix of companies that go that route vs not. 

Cisco phones are fairly easy to configure from call manager to use the built in manufacture installed cert, but you could go further and issue your own certs to them.

More often we focus on authorizing phones to the voice vlan. If your phones are showing in the show auth sessions cli command as voice domain, then you already have that covered. 

Go to solution
suthomas1
Level 6
Level 6
In response to Damien Miller

‎08-04-2021 06:29 PM

Thnaks Damien.

if using MAB only, does the auth option inside the cisco phone needs to be enabled?

If using manufacturer cert, that will be eap-tls i believe ? & in that case auth on phone should be turned on?

 

 

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to suthomas1

‎08-04-2021 06:47 PM

If you're OK with the phones doing mab then that's fine. They will work without issue.

 

Yes, you would enable the phones to do 802.1x and eap-tls if you wanted to use the mic cert. 

Go to solution
suthomas1
Level 6
Level 6
In response to Damien Miller

‎08-04-2021 08:54 PM

So being MAB, will the mac be learnt by ise if the auth is turned off on the phone itself? or does it need auth turned on for mac to be learnt by ise unless mac is manually entered into ise?

0 Helpful
Top