Cisco Community
English
Register
We're here for you! LEARN about free offerings and business continuity best practices during the COVID-19 pandemic
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

160
Views
1
Helpful
4
Replies
Highlighted
d.worthley
Beginner
Beginner
‎11-28-2017 08:18 AM
‎11-28-2017 08:18 AM

Wired ISE question

I have a rule in wired MAB called VOIP Phones. I am trying to determine how the phone is getting authorized in

WIRED MAB POLICY.GIF

the switchport configuration is below:

interface GigabitEthernet0/13

description Dan's Desk1

switchport access vlan 102

switchport mode access

switchport voice vlan 200

switchport port-security maximum 100

switchport port-security

switchport port-security aging time 1

switchport port-security violation restrict

switchport port-security aging type inactivity

no logging event link-status

authentication event fail action authorize vlan 31

authentication event server dead action authorize vlan 31

authentication event no-response action authorize vlan 31

authentication host-mode multi-host

authentication order dot1x mab webauth

authentication priority dot1x mab webauth

authentication port-control auto

authentication periodic

authentication violation protect

mab

mls qos trust device cisco-phone

mls qos trust cos

dot1x pae authenticator

dot1x timeout quiet-period 10

dot1x timeout tx-period 15

dot1x timeout supp-timeout 7

spanning-tree portfast

Everyone's tags (6)
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Charlie Moreton
Cisco Employee
Cisco Employee
‎11-28-2017 09:25 AM
‎11-28-2017 09:25 AM

Re: Wired ISE question

ISE utilizes a multitude of methods to profile Cisco IP Phones.  DHCP, CDP, LLDP, NMAP, OS, Platform, etc.

You can look at the Device Profile Policy to get an idea:

IP_Phones.PNG

To see how each phone is actually being identified and profiled within ISE, you need to look at the Profiled Endpoints Summary by going to Operations > Reports > Endpoints and Users and selecting the report.

Profile_Report.PNG

View solution in original post

0 Helpful
Reply
4 REPLIES 4
Highlighted
gbekmezi-DD
Contributor
Contributor
‎11-28-2017 08:33 AM
‎11-28-2017 08:33 AM

Re: Wired ISE question

What do you mean “how the phone is getting authorized?” Have you searched the live log for the phone’s mac address?

0 Helpful
Reply
Highlighted
d.worthley
Beginner
Beginner
‎11-28-2017 08:43 AM
‎11-28-2017 08:43 AM

Re: Wired ISE question

The MAC address for the phones does not show up in live logs

0 Helpful
Reply
Highlighted
Charlie Moreton
Cisco Employee
Cisco Employee
‎11-28-2017 09:25 AM
‎11-28-2017 09:25 AM

Re: Wired ISE question

ISE utilizes a multitude of methods to profile Cisco IP Phones.  DHCP, CDP, LLDP, NMAP, OS, Platform, etc.

You can look at the Device Profile Policy to get an idea:

IP_Phones.PNG

To see how each phone is actually being identified and profiled within ISE, you need to look at the Profiled Endpoints Summary by going to Operations > Reports > Endpoints and Users and selecting the report.

Profile_Report.PNG

View solution in original post

0 Helpful
Reply
Highlighted
d.worthley
Beginner
Beginner
‎11-28-2017 10:40 AM
‎11-28-2017 10:40 AM

Re: Wired ISE question

Thanks.  That helps

0 Helpful
Reply
Latest Contents
How to Integrate Cisco Identity Services Engine with IBM Maa...
Created by pavagupt on 05-29-2020 12:45 AM
0
10
0
10
IntroductionComponentsIBM MaaS360 ConfigurationISE ConfigurationOnboard and validating access from Windows ClientEnrolling Windows 10 against IBM MaaS 360   Introduction Cisco Identity Services Engine (ISE) gives you intelligent Integrated protectio... view more
AMP4E - Cisco Threat Response and ESA Integration
Created by bremarqu on 05-27-2020 09:16 AM
0
0
0
0
Hello, This video provides the steps to configure the Cisco Threat Response (CTR) and ESA Integration.   This is live on the portal:https://video.cisco.com/video/6159336218001   And on YouTube:https://www.youtube.com/watch?v=UCKIdx5rdFg   ... view more
Migrate from C170 to C190
Created by fhk_license on 05-26-2020 02:24 AM
3
0
3
0
I need to migrate from C170 to C190 and have already match to the same Firmware Version. I have a question. Is there any method that can export and import the configuration file instead of form cluster ?
DGTL-BRKSEC-1011 - A Challenger Appears: Defending Mailboxes...
Created by chclasen on 05-20-2020 09:43 AM
0
0
0
0
This AMA will serve as the Q&A for the Cisco Live Digital breakout DGTL-BRKSEC-1011 - "A Challenger Appears: Defending Mailboxes in the Cloud" which covers a brand new product which will be announced during the event: Cloud Mailbox Defense. Join Techn... view more
ASA Image won't stay
Created by Senbonzakura on 05-19-2020 12:19 PM
3
0
3
0
I've fixed this before but now I'm running into a different type of an issue. My firewall isn't booting to the image so I have to keep reloading the image onto the ASA. Any help would be appreciated. Also my Config-Register is set to 0x1. As of right now,... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Cisco Community April 2020 Spotlight Award Winners

Follow our Social Media Channels