11-16-2023 11:32 AM
Hello Everyone,
We are implementing 802.1x authentication in our network and everything works quite well with Cisco phones. The challenge we have is with non-Cisco devices. Please find below the list of devices we have in our organization.
Yealink w73p cordless phone
Algo 8180
Konftel800 conference phone
Poly Trio 8800 conference phone
Algo 8201 PoE intercom
Could you please let me know what would be the best approach for the non-Cisco devices?
Thanks,
MK
11-16-2023 11:50 AM
If you use MAB for Cisco phones, then you can use the same for other vendors.
11-16-2023 12:11 PM
Thank you for replying.
We have more than 30K Cisco devices. What we do for Cisco phones is to enable 802.1x on the phone using BAT and configure the switch ports with 802.1x. This process has been automated and it's working fine. The issue is the non-Cisco devices, which number over 2000. How can we automate this process and avoid doing them one by one?
Thanks,
MK
11-20-2023 02:46 AM
I think you would need to contact those devices' vendors and ask them if they can provide a management system that allows you to configure all of them in one shot. From an ISE policy perspective it won't change much. For example, if you are doing dot1x with EAP-PEAP, then you can use the same credentials on all the phones, Cisco and non-Cisco included, and if you are doing EAP-TLS, then you can use the same certificate issuer across all of them. However, if you want to do MAB for those non-Cisco devices, the easiest way to deal with this would be using the ISE profiler. If ISE profiles them correctly, then you can configure ISE authorization rules with the logical profiles that would match those phones.
11-20-2023 03:53 AM
As noted by @Aref Alsouqi, most enterprise-class devices have some sort of centralized provisioning server that can be used to deploy things like device configuration details, including certificates.
A 5-minute Google search revealed this to be the case for Yealink, Konftel and Poly. Algo devices are behind a registration portal.
If you are unable to provision certificates for 802.1x with EAP-TLS, you can use MAB with device profiling directly from ISE.
11-20-2023 11:04 AM
Thank you guys for responding.
Unfortunately, we don't use ISE. We use PacketFence instead!
Is there any step-by-step document that I can follow in order to be able to accomplish this task?
Thanks,