Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4059
Views
0
Helpful
15
Replies

Connecting Grandstream IP Phones to Cisco Ise

Tutu
Level 1
Level 1

‎10-08-2020 03:12 AM - edited ‎10-08-2020 03:17 AM

Hello,

Im trying to add grandstream IP phones to Cisco ISE, IT i as authenticating and i am even receiving an IP address but i can not make calls. Please help me.

Overview
Event 5200 Authentication succeeded
Username C0:74:AD:17:59:6B
Endpoint Id C0:74:AD:17:59:6B
Endpoint Profile Unknown
Authentication Policy Wired >> MAB
Authorization Policy Wired >> Employees
Authorization Result PermitAccess,Employee,IPPhones,Employees

Authentication Details
Source Timestamp 2020-10-08 09:14:19.605
Received Timestamp 2020-10-08 09:14:19.605
Policy Server ISE-PAN
Event 5200 Authentication succeeded
Username C0:74:AD:17:59:6B
User Type Host
Endpoint Id C0:74:AD:17:59:6B
Calling Station Id C0-74-AD-17-59-6B
Endpoint Profile Unknown
IPv4 Address 192.168.0.160
Authentication Identity Store Internal Endpoints
Identity Group Grandstream_IP_Phones
Audit Session Id 0AC8D064000000360DD05C21
Authentication Method mab
Authentication Protocol Lookup
Service Type Call Check
Network Device Test
Device Type All Device Types#Wired
Location All Locations#=HQ
NAS IPv4 Address 10.200.208.100
NAS Port Id GigabitEthernet1/0/10
NAS Port Type Ethernet
Authorization Profile PermitAccess,Employee,IPPhones,Employees
Security Group Employees
Response Time 101 milliseconds

Other Attributes
ConfigVersionId 112
DestinationPort 1812
Protocol Radius
NAS-Port 50110
Framed-MTU 1500
OriginalUserName c074ad17596b
NetworkDeviceProfileId b0699505-3150-4215-a80e-6753d45bf56c
IsThirdPartyDeviceFlow false
AcsSessionID ISE-PAN/391434383/9120
UseCase Host Lookup
SelectedAuthenticationIdentityStores AD
SelectedAuthenticationIdentityStores Internal Users
SelectedAuthenticationIdentityStores Internal Endpoints
AuthenticationStatus AuthenticationPassed
IdentityPolicyMatchedRule MAB
AuthorizationPolicyMatchedRule Employees
EndPointMACAddress C0-74-AD-17-59-6B
ISEPolicySetName Wired
IdentitySelectionMatchedRule MAB
IsMachineIdentity false
DTLSSupport Unknown
HostIdentityGroup Endpoint Identity Groups:Grandstream_IP_Phones
Network Device Profile Cisco
Location Location#All Locations#HQ
Device Type Device Type#All Device Types#Wired
IPSEC IPSEC#Is IPSEC Device#No
RADIUS Username C0:74:AD:17:59:6B
Device IP Address 10.200.208.100
CPMSessionID 0AC8D064000000360DD05C21
Called-Station-ID 3C:41:0E:F2:25:0A
CiscoAVPair service-type=Call Check,
audit-session-id=0AC8D064000000360DD05C21,
method=mab

Result
UserName C0:74:AD:17:59:6B
User-Name C0-74-AD-17-59-6B
Class CACS:0AC8D064000000360DD05C21:TCRA-ISE-PAN/391434383/9120
Tunnel-Type (tag=0) VLAN
Tunnel-Medium-Type (tag=0) 802
Tunnel-Private-Group-ID (tag=0) 301
cisco-av-pair ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP--Employee-5f6da441
cisco-av-pair device-traffic-class=voice
cisco-av-pair cts:security-group-tag=0004-00
cisco-av-pair profile-name=Unknown
LicenseTypes Base license consumed


Steps
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
11027 Detected Host Lookup UseCase (Service-Type = Call Check (10))
15049 Evaluating Policy Group
15008 Evaluating Service Selection Policy
15048 Queried PIP - Normalised Radius.RadiusFlowType
15048 Queried PIP - DEVICE.Device Type
15041 Evaluating Identity Policy
15048 Queried PIP - Network Access.EapAuthentication
22072 Selected identity source sequence - Basic_Internal
15013 Selected Identity Source -AD
24432 Looking up user in Active Directory - -AD
24325 Resolving identity - C0-74-AD-17-59-6B
24313 Search for matching accounts at join point - *****.go.tz
24318 No matching account found in forest - *****.go.tz
24322 Identity resolution detected no matching account
24352 Identity resolution failed - ERROR_NO_SUCH_USER
24412 User not found in Active Directory - -AD
15013 Selected Identity Source - Internal Users
24210 Looking up User in Internal Users IDStore - C0:74:AD:17:59:6B
24216 The user is not found in the internal users identity store
15013 Selected Identity Source - Internal Endpoints
24209 Looking up Endpoint in Internal Endpoints IDStore - C0:74:AD:17:59:6B
24211 Found Endpoint in Internal Endpoints IDStore
22037 Authentication Passed
24715 ISE has not confirmed locally previous successful machine authentication for user in Active Directory
15036 Evaluating Authorization Policy
15016 Selected Authorization Profile - PermitAccess,Employee,IPPhones,Employees
15016 Selected Authorization Profile - PermitAccess,Employee,IPPhones,Employees
11022 Added the dACL specified in the Authorization Profile
15016 Selected Authorization Profile - PermitAccess,Employee,IPPhones,Employees
15016 Selected Authorization Profile - PermitAccess,Employee,IPPhones,Employees
24209 Looking up Endpoint in Internal Endpoints IDStore - C0:74:AD:17:59:6B
24211 Found Endpoint in Internal Endpoints IDStore
11002 Returned RADIUS Access-Accept

 

 

grandstreampolicy.pnggrandstreampolicy2.pngpoliciesgranstream1.png

0 Helpful
15 Replies 15

Tutu
Level 1
Level 1
In response to Aref Alsouqi

‎10-13-2020 02:43 AM

It seems like it is getting the IP address from here. i have disabled it.

dhcp.png

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card