I am part of a diverse team that is in the process of implementing a VoIP solution within our organisation, which will see approximately 3000 new telephones deployed to the desktop accross a Geographically dispersed network. One of the criteria that has been chosen as part of the solution is the use of Dot1x for the Authorisation and Authentication (A & A) of hosts connected to the network. I am having some difficultly getting it to work and I was wondering if there is a simple whitepaper or solutions document somewhere that will assist in the implementation.
I should point out a few of the hurdles that I face as I don't belieive the solution will necessarily be straight forward. So here goes:-
- We currently use CISCO ACS 4.1 as a TACAS+ server to authenticate Management access to our fleet of approximately 300 network devices.
- Many of the VoIP phones will act as a switch for a Desktop Workstaion, thus each switch port will need to automatically A & A two hosts into sperate Vlans.
- The organisation uses seperate DHCP Servers to issue IP addresses to hosts on the network
- We are looking to use ACS 4.1 as the Radius Server but this has not been completely agreed on yet. The other alternative is the use of a Windows Server trunning IAS.
I have found a number of documents on the A & A of Windows based hosts to the Radius Server but can't seem to find much information regarding CISCO VoIP phones, in particular how to set up the VoIP Phone as a user in ACS.
Any assistance or guidance on this matter will be appreciated