cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
544
Views
0
Helpful
5
Replies

802.1x For No Cisco devices

mightyking
Level 6
Level 6

Hello Everyone,

We are implementing the 802.1x authentification in our network and everything works quiet well with CIsco phones. The challenge we have is with NO Cisco devices . Please find below the list of devices we have in our organizatiion.

 

Téléphone Sans-Fil Yealink w73p
Algo 8180
Pieuvre Konftel800
Pieuvre Poly Trio 8800
Intercom POE Algo 8201

Could you please let me know what would be the best approache for the no Cisco devices

Thanks,

MK

5 Replies 5

if you use MAB for Cisco Phone then you can use same for other vendor.

Thank you for relying.

We have more than 30K cisco devices. What we do for Cisco phones is to enable the 802.1x on the phone using BAT and configure the swicth ports with 802.1x. This process has been automated and it's working fine. The issue is the no cisco devices which they count over 2000 devices. How can we automat this process and avoid doing them one by one?

Thanks,

MK

I think you would need to contact those devices vendors asking them if they can provide a management system to allow you configuring all of them in one shot. From ISE policies perspective it won't change much. For example, if you are doing dot1x with EAP-PEAP, then you can use the same credentials on all the phones, Cisco and non-Cisco included, and if you are doing EAP-TLS,  then you can use the same certificates issuer across all of them. However, if you want to do MAB for those non-Cisco devices, the easiest way to deal with this would be using ISE profilier. If ISE would profile them correctly, then you can configure ISE authorization rules with the logical profiles that would match those phones.

Marvin Rhoads
Hall of Fame
Hall of Fame

As noted by @Aref Alsouqi, most enterprise class devices have some sort of centralized provisioning server that can be used to deploy things like device configuration details, including certificates.

A 5 minute Google search reveled this to be the case for Yealink, Konftel and Poly. Algo devices are behind a registration portal.

If you are unable to provision certificates for 802.1x with EAP-TLS, you can use MAB with device profiling directly from ISE.

Thank you guys for responding.

Unfortunately, we don't use ISE. We use PacketFence instead!

Is there any step by step document that I can follow in order to be able to accomplished this task?

Thanks,

Review Cisco Networking for a $25 gift card