Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1642
Views
5
Helpful
5
Replies

802.1X and Telepresence Endpoints

johnflacuestactr
Level 1
Level 1

‎04-28-2021 09:03 AM

We're are implementing 802.1X on our network. They want a generated CSR from our VTC endpoints(EX90's,C series and Room kits). My question is, can these endpoint generate a CSR or does a separate infrastructure device do that ie. CUCM,TMS,VCS

Thanks for any help!

0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎04-28-2021 09:20 AM

Never deploy myself, some some time Polycom or SX device :

 

Look at the admin guide how you can do 802.1X authentication :

 

https://www.cisco.com/c/en/us/td/docs/telepresence/cts_admin/1_10/admin/guide/cts_admin/ctsadmin_cfg.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

johnflacuestactr
Level 1
Level 1
In response to balaji.bandi

‎04-28-2021 09:34 AM

The Admin guide shows how to use the Pre-loaded 802.1X Certs. I wish it was that easy. From what I read the endpoints themselves cant generate a CSR. Want to be sure if I'm reading that correctly. Thanks though.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to johnflacuestactr

‎04-28-2021 09:39 AM

I do not have device  "Pre-loaded 802.1X Certs."  Generate Cert from PKI (ISE) and install - how we do for PC or any other devce as suplicant authentication. (not sure how difficult it is - you might have tried ? just giving hand to see if you can idea to fix it)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-29-2021 12:26 AM

Providing a CSR implies some CA (ISE or an enterprise CA) is going to issue signed certificates. I don't believe these endpoint types support installing a certificate signed by anything other than their managing CUCM.

However, CUCM can act as a Certificate Authority (CA) and deploy certificates to registered devices. You could then add the CUCM CA as a trusted CA in ISE for 802.1X authentication of the endpoints.

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/IP_Tele/IP_Telephony_DIG.html#pgfId-390402

rschlayer
Level 4
Level 4

‎05-03-2021 07:25 AM

Hello @johnflacuestactr 

never did 802.1X on telepresence devices but cisco phones have a MIC (manufacture-installed certificate) already installed which we used for certain dot1x deployments just fine. Maybe this is something you can look at as well?

BR
Rick

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card