Cisco Multidomain(MDA) authentication with ClearPass

Aruba Employee

Q:

What attribute should we enforce from ClearPass while configuring multidomain(MDA) authentication with Cisco switches?



A:

Multidomain authentication (MDA) allows both a data device and voice device, such as an IP phone, to authenticate on the same switch port. If the authentication order includes the 802.1X port authentication method, we should enable IEEE 802.1X authentication on the switch. 

We should configure the voice VLAN for the IP phone when the host mode is set to multi-domain. With voice vlan configured on the switch, CPPM should be configured to send a Cisco Attribute-Value (AV) pair attribute with a value of device-traffic-class=voice, as shown below.

See the ClearPass Solution Guide for Wireless Policy Enforcement for complete details and sample configurations.

Version history
Revision #:
3 of 3
Last update:
2 weeks ago
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: