I have a rule in wired MAB called VOIP Phones. I am trying to determine how the phone is getting authorized in
the switchport configuration is below:
interface GigabitEthernet0/13
description Dan's Desk1
switchport access vlan 102
switchport mode access
switchport voice vlan 200
switchport port-security maximum 100
switchport port-security
switchport port-security aging time 1
switchport port-security violation restrict
switchport port-security aging type inactivity
no logging event link-status
authentication event fail action authorize vlan 31
authentication event server dead action authorize vlan 31
authentication event no-response action authorize vlan 31
authentication host-mode multi-host
authentication order dot1x mab webauth
authentication priority dot1x mab webauth
authentication port-control auto
authentication periodic
authentication violation protect
mab
mls qos trust device cisco-phone
mls qos trust cos
dot1x pae authenticator
dot1x timeout quiet-period 10
dot1x timeout tx-period 15
dot1x timeout supp-timeout 7
spanning-tree portfast
Accepted Solutions
ISE utilizes a multitude of methods to profile Cisco IP Phones. DHCP, CDP, LLDP, NMAP, OS, Platform, etc.
You can look at the Device Profile Policy to get an idea:
To see how each phone is actually being identified and profiled within ISE, you need to look at the Profiled Endpoints Summary by going to Operations > Reports > Endpoints and Users and selecting the report.
ISE utilizes a multitude of methods to profile Cisco IP Phones. DHCP, CDP, LLDP, NMAP, OS, Platform, etc.
You can look at the Device Profile Policy to get an idea:
To see how each phone is actually being identified and profiled within ISE, you need to look at the Profiled Endpoints Summary by going to Operations > Reports > Endpoints and Users and selecting the report.
