Dot1x and ip-phones

Unanswered Question

We are deploying dot1x in a relativly large network. We are going to use PEAP-TLS machine authentication (no user auth) with mac-address bypass. How do we handle ip-phones in this scenario? Do we need to authenticate the phone with PEAP-TLS or can we use mac-address authentication for the phones? How do we handle the voice vlan on a dot1x enabled port, will the static command voice vlan xxx work on a dot1x enabled port and is this a security issue?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
elliott.fougman Tue, 06/15/2010 - 03:35
User Badges:

Hi Kaare,


It is now possible to authenticate the phone against Cisco ACS using either EAP-MD5 or EAP-FAST, this assumes that your access switches are reasonably new and support MDA (multi domain authentication).  I will try and post some documentation on how this is achieved as I had a case open with TAC who were able to get this scenario working for us.


Having said that MAC Auth Bypass is a perfectly acceptable option as is putting the phones into a guest vlan.


Kind Regards


Elliott

Ganesh Hariharan Tue, 06/15/2010 - 08:35
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

We are deploying dot1x in a relativly large network. We are going to
use PEAP-TLS machine authentication (no user auth) with mac-address
bypass. How do we handle ip-phones in this scenario? Do we need to
authenticate the phone with PEAP-TLS or can we use mac-address
authentication for the phones? How do we handle the voice vlan on a
dot1x enabled port, will the static command voice vlan xxx work on a
dot1x enabled port and is this a security issue?


Hi,


Check out the below link for ip phone configuration with 802.1x integration


http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a00808abf2d.shtml


http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml


Hope to Help !!


Ganesh.H


Remember to rate the helpful post

Actions

This Discussion