04-28-2021 09:03 AM
We're are implementing 802.1X on our network. They want a generated CSR from our VTC endpoints(EX90's,C series and Room kits). My question is, can these endpoint generate a CSR or does a separate infrastructure device do that ie. CUCM,TMS,VCS
Thanks for any help!
04-28-2021 09:20 AM
Never deploy myself, some some time Polycom or SX device :
Look at the admin guide how you can do 802.1X authentication :
04-28-2021 09:34 AM
The Admin guide shows how to use the Pre-loaded 802.1X Certs. I wish it was that easy. From what I read the endpoints themselves cant generate a CSR. Want to be sure if I'm reading that correctly. Thanks though.
04-28-2021 09:39 AM
I do not have device "Pre-loaded 802.1X Certs." Generate Cert from PKI (ISE) and install - how we do for PC or any other devce as suplicant authentication. (not sure how difficult it is - you might have tried ? just giving hand to see if you can idea to fix it)
04-29-2021 12:26 AM
Providing a CSR implies some CA (ISE or an enterprise CA) is going to issue signed certificates. I don't believe these endpoint types support installing a certificate signed by anything other than their managing CUCM.
However, CUCM can act as a Certificate Authority (CA) and deploy certificates to registered devices. You could then add the CUCM CA as a trusted CA in ISE for 802.1X authentication of the endpoints.
05-03-2021 07:25 AM
Hello @johnflacuestactr
never did 802.1X on telepresence devices but cisco phones have a MIC (manufacture-installed certificate) already installed which we used for certain dot1x deployments just fine. Maybe this is something you can look at as well?
BR
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide