Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1042
Views
0
Helpful
1
Replies

VoIP Vlans & NAC

news2010a
Participant
Participant

‎05-02-2012 05:09 PM - edited ‎03-10-2019 07:03 PM

Let's say VoIP network is going to be deployed in my organization.

GIven this is a FIPS-140-2 environment, we will have a separate MPLS network from data only dedicated for VoIP traffic.

If we also have NAC deployed, how is the best practice for NAC handling VoIP vlans and IP Phones?

From the reading the documentation I see that people exclude the VoIP VLAN from NAC. Is this right?

Question:

If it is true people should exclude VoIP VLAN traffic from getting to the NAC system, what happens if someone users a machine that fakes an IP Phone, but in reality it is a malicious PC in the network? How NAC is going to protect against that?

Labels:
0 Helpful
1 Reply 1

Eduardo Aliaga
Enthusiast
Enthusiast

‎05-12-2012 08:10 PM

IP Phones are excluded because NAC can't authenticate them. NAC uses "NAC agents" to authenticate and there are no "NAC agents" for IP phones.

I would recommend to use ISE instead of NAC appliances. Cisco ISE uses 802.1x and the newer families of Cisco IP Phones do support 802.1x authentication.

Please rate if it helps.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents