This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I have a rule in wired MAB called VOIP Phones. I am trying to determine how the phone is getting authorized in
the switchport configuration is below:
interface GigabitEthernet0/13
description Dan's Desk1
switchport access vlan 102
switchport mode access
switchport voice vlan 200
switchport port-security maximum 100
switchport port-security
switchport port-security aging time 1
switchport port-security violation restrict
switchport port-security aging type inactivity
no logging event link-status
authentication event fail action authorize vlan 31
authentication event server dead action authorize vlan 31
authentication event no-response action authorize vlan 31
authentication host-mode multi-host
authentication order dot1x mab webauth
authentication priority dot1x mab webauth
authentication port-control auto
authentication periodic
authentication violation protect
mab
mls qos trust device cisco-phone
mls qos trust cos
dot1x pae authenticator
dot1x timeout quiet-period 10
dot1x timeout tx-period 15
dot1x timeout supp-timeout 7
spanning-tree portfast
Solved! Go to Solution.
ISE utilizes a multitude of methods to profile Cisco IP Phones. DHCP, CDP, LLDP, NMAP, OS, Platform, etc.
You can look at the Device Profile Policy to get an idea:
To see how each phone is actually being identified and profiled within ISE, you need to look at the Profiled Endpoints Summary by going to Operations > Reports > Endpoints and Users and selecting the report.
What do you mean “how the phone is getting authorized?” Have you searched the live log for the phone’s mac address?
The MAC address for the phones does not show up in live logs
ISE utilizes a multitude of methods to profile Cisco IP Phones. DHCP, CDP, LLDP, NMAP, OS, Platform, etc.
You can look at the Device Profile Policy to get an idea:
To see how each phone is actually being identified and profiled within ISE, you need to look at the Profiled Endpoints Summary by going to Operations > Reports > Endpoints and Users and selecting the report.
Thanks. That helps