Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
679
Views
0
Helpful
2
Replies

Dot1x and ip-phones

kare.nilssen
Level 1
Level 1

‎06-03-2010 06:14 AM - edited ‎03-06-2019 11:24 AM

We are deploying dot1x in a relativly large network. We are going to use PEAP-TLS machine authentication (no user auth) with mac-address bypass. How do we handle ip-phones in this scenario? Do we need to authenticate the phone with PEAP-TLS or can we use mac-address authentication for the phones? How do we handle the voice vlan on a dot1x enabled port, will the static command voice vlan xxx work on a dot1x enabled port and is this a security issue?

Labels:
0 Helpful
2 Replies 2

elliott.fougman
Level 1
Level 1

‎06-15-2010 03:35 AM

Hi Kaare,

It is now possible to authenticate the phone against Cisco ACS using either EAP-MD5 or EAP-FAST, this assumes that your access switches are reasonably new and support MDA (multi domain authentication).  I will try and post some documentation on how this is achieved as I had a case open with TAC who were able to get this scenario working for us.

Having said that MAC Auth Bypass is a perfectly acceptable option as is putting the phones into a guest vlan.

Kind Regards

Elliott

0 Helpful

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎06-15-2010 08:35 AM 

We are deploying dot1x in a relativly large network. We are going to
use PEAP-TLS machine authentication (no user auth) with mac-address
bypass. How do we handle ip-phones in this scenario? Do we need to
authenticate the phone with PEAP-TLS or can we use mac-address
authentication for the phones? How do we handle the voice vlan on a
dot1x enabled port, will the static command voice vlan xxx work on a
dot1x enabled port and is this a security issue?

Hi,

Check out the below link for ip phone configuration with 802.1x integration

http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a00808abf2d.shtml

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card