
802.1x For No Cisco devices

mightyking
Level 6

Hello Everyone,

We are implementing 802.1x authentication in our network and everything works quite well with Cisco phones. The challenge we have is with non-Cisco devices. Please find below the list of devices we have in our organization.

 

Yealink w73p cordless phone
Algo 8180
Konftel800 conference phone
Poly Trio 8800 conference phone
Algo 8201 PoE intercom

Could you please let me know what would be the best approach for the non-Cisco devices?

Thanks,

MK


If you use MAB for Cisco phones, then you can use the same for other vendors.

Thank you for replying.

We have more than 30K Cisco devices. What we do for Cisco phones is to enable 802.1x on the phone using BAT and configure the switch ports with 802.1x. This process has been automated and it's working fine. The issue is the non-Cisco devices, which number over 2000. How can we automate this process and avoid doing them one by one?

Thanks,

MK

I think you would need to contact those devices' vendors and ask them if they can provide a management system that allows you to configure all of them in one shot. From an ISE policy perspective it won't change much. For example, if you are doing dot1x with EAP-PEAP, then you can use the same credentials on all the phones, Cisco and non-Cisco included, and if you are doing EAP-TLS, then you can use the same certificate issuer across all of them. However, if you want to do MAB for those non-Cisco devices, the easiest way to deal with this would be using the ISE profiler. If ISE profiles them correctly, then you can configure ISE authorization rules with the logical profiles that would match those phones.

Marvin Rhoads
Hall of Fame

As noted by @Aref Alsouqi, most enterprise class devices have some sort of centralized provisioning server that can be used to deploy things like device configuration details, including certificates.

A 5-minute Google search revealed this to be the case for Yealink, Konftel and Poly. Algo devices are behind a registration portal.

If you are unable to provision certificates for 802.1x with EAP-TLS, you can use MAB with device profiling directly from ISE.
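For the MAB route suggested in the replies above, a bulk allow-list has to be built from whatever MAC formats the vendor tools export. The script below is an added example, not code from any participant or vendor: it normalizes each MAC to the 12-digit lowercase form that Cisco switches send as the RADIUS User-Name by default for MAB, and rejects malformed, multicast and duplicate entries before anything is imported. The inventory layout (`label,mac`) and the sample rows are constructed; the MACs come from the RFC 7042 documentation range.

```python
import csv
import io
import re

# Constructed sample inventory export; MAC formats vary by vendor tool.
SAMPLE = """label,mac
Yealink w73p,00:00:5E:00:53:01
Algo 8180,0000.5e00.5302
Konftel800,00-00-5E-00-53-03
Poly Trio 8800,00005e005304
Algo 8201,00:00:5e:00:53:02
Unknown,01:00:5e:00:00:fb
Unknown,00:00:5e:00:53
"""


def normalize_mac(raw):
    """Return the MAC as 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[.:\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a 48-bit MAC")
    # Lowest bit of the first octet set means a group (multicast/broadcast)
    # address, which can never be a real endpoint's source MAC.
    if int(digits[:2], 16) & 1:
        raise ValueError("multicast/broadcast address")
    return digits


def build_mab_list(inventory_csv):
    """Split an inventory into accepted {mac: label} and rejected rows."""
    accepted, rejected = {}, []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            mac = normalize_mac(row["mac"])
        except ValueError as err:
            rejected.append((row["label"], row["mac"], str(err)))
            continue
        if mac in accepted:
            # Same MAC claimed by two devices: inventory error or a clone.
            rejected.append((row["label"], row["mac"],
                             f"duplicate of {accepted[mac]}"))
            continue
        accepted[mac] = row["label"]
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = build_mab_list(SAMPLE)
    for mac, label in ok.items():
        print(f"{mac},{label}")
    for label, raw, reason in bad:
        print(f"REJECTED {label} {raw!r}: {reason}")
```

Because a MAC address is not a secret, devices admitted this way are best mapped to a role with only the VLAN and ACLs that device type needs.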

Thank you guys for responding.

Unfortunately, we don't use ISE. We use PacketFence instead!

Is there any step-by-step document that I can follow in order to accomplish this task?

Thanks,
