Is there a way of creating a seperate MAB group for non 8021.x Cisco IP Phones and another for all other devices? Like to avoid hackers PCs changing their MAC address to a valid Phone MAC address to gain access.
Like to create a MAB group, that can only be used by Cisco IP Phones, as a added security.
I agree with you, however, if the aim is to avoid someone to change the MAC address of his PC, spoofing a valid Phone MAC.. I'm afraid that there's not a true solution with that.
This is not a limitation in ACS 5, the issue is that MAB relies just on the MAC address to identify a device and if that is valid the resulting auth/autz will be the same for an authorized phone or an unauthorized "clone".
One thing you may consider is to assign the phones to a VLAN where you only allow the traffic strictly needed for the phones operation...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...