08-20-2017 08:01 PM
Hello Experts,
My customer is going to replace their existing DX-650 phones with Cisco 8865 phones for VPN home phone setup. They were using device-type information from radius authentication packet for creating policy on ISE. To be specific, they were using using device type field as below:
Cisco 8865 is not sending any such such unique "ciscoavpair" attribute that can be used in this case. Can you suggest an alternative please?
Thanks & Regards,
Pulkit
Solved! Go to Solution.
08-22-2017 10:33 AM
The device-type is part of AnyConnect Identity Extensions (ACIDEX) supported in ISE 1.3+, ASA 9.2.1+ and AnyConnect 3.1MR5+ for desktop OS's, Android, and Apple iOS. Please consult the phone platform support team whether it has this particular AnyConnect VPN feature.
08-21-2017 10:37 PM
Ok we see what is the switch information about DX-650 but give us some log what u see when u connect Cisco 8865
08-21-2017 10:53 PM
This is from the 8865 deployment guide -
" The Cisco IP Phone 8861 and 8865 currently support automatic provisioning of the PAC only, so enable Allow anonymous inband PAC provisioning on the RADIUS server as shown below. Both EAP-GTC and EAP-MSCHAPv2 must be enabled when Allow anonymous in-band PAC provisioning is enabled. "
You might want to follow the document at https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cuipph/8841_8851_8861/10_5/english/DeploymentGuide/CiscoIPPhone8…
08-22-2017 10:33 AM
The device-type is part of AnyConnect Identity Extensions (ACIDEX) supported in ISE 1.3+, ASA 9.2.1+ and AnyConnect 3.1MR5+ for desktop OS's, Android, and Apple iOS. Please consult the phone platform support team whether it has this particular AnyConnect VPN feature.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: