Q:
What attribute should we enforce from ClearPass while configuring multidomain(MDA) authentication with Cisco switches?
A:
Multidomain authentication (MDA) allows both a data device and voice device, such as an IP phone, to authenticate on the same switch port. If the authentication order includes the 802.1X port authentication method, we should enable IEEE 802.1X authentication on the switch.
We should configure the voice VLAN for the IP phone when the host mode is set to multi-domain. With voice vlan configured on the switch, CPPM should be configured to send a Cisco Attribute-Value (AV) pair attribute with a value of device-traffic-class=voice, as shown below.
See the ClearPass Solution Guide for Wireless Policy Enforcement for complete details and sample configurations.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.