cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2360
Views
15
Helpful
4
Replies

mac auth

suthomas1
Level 6
Level 6

Good day all,

 

To get an IP phone connected to network via mac auth, is there any setting to be done on the ip phone itself?

there appears to be an authentication/802.1x option in it...what state does it need to be in for successful  mac-auth.

 

Thanks in advance.

1 Accepted Solution

Accepted Solutions

If you're OK with the phones doing mab then that's fine. They will work without issue.

 

Yes, you would enable the phones to do 802.1x and eap-tls if you wanted to use the mic cert. 

View solution in original post

4 Replies 4

Damien Miller
VIP Alumni
VIP Alumni

Most rely on mac auth aka MAB to authorize phones to the network. Depending on the vendor, you certainly could leverage the phone supplicant to do 802.1x, I see a mix of companies that go that route vs not. 

Cisco phones are fairly easy to configure from call manager to use the built in manufacture installed cert, but you could go further and issue your own certs to them.

More often we focus on authorizing phones to the voice vlan. If your phones are showing in the show auth sessions cli command as voice domain, then you already have that covered. 

Thnaks Damien.

if using MAB only, does the auth option inside the cisco phone needs to be enabled?

If using manufacturer cert, that will be eap-tls i believe ? & in that case auth on phone should be turned on?

 

 

If you're OK with the phones doing mab then that's fine. They will work without issue.

 

Yes, you would enable the phones to do 802.1x and eap-tls if you wanted to use the mic cert. 

So being MAB, will the mac be learnt by ise if the auth is turned off on the phone itself? or does it need auth turned on for mac to be learnt by ise unless mac is manually entered into ise?