802.1x Through IP Phones

Hello Community!

I have been searching like crazy for a method in which both (MAC and Port-based) are enabled.

My scenario is as follows:

PC/Laptop ------- IP PHONE ----- Aruba Switch ----- Clearpass

Basically, I need to authenticate both (IP PHONE using MAB and Laptop using 802.1x). The thing is that when I configured the port, my laptop is not getting any IP address (unauth-vid), so it is not getting authenticated.

My configuration on the port is as follows:

aaa port-access authenticator 25
aaa port-access authenticator 25 quiet-period 30
aaa port-access authenticator 25 tx-period 2
aaa port-access authenticator 25 supplicant-timeout 2
aaa port-access authenticator 25 server-timeout 10
aaa port-access authenticator 25 max-requests 3
aaa port-access authenticator 25 auth-vid 15
aaa port-access authenticator 25 unauth-period 10
aaa port-access authenticator 25 client-limit 2

aaa port-access mac-based 25 addr-limit 2
aaa port-access mac-based 25 logoff-period 86400
aaa port-access mac-based 25 quiet-period 30
aaa port-access mac-based 25 server-timeout 10
aaa port-access mac-based 25 auth-vid 150
aaa port-access mac-based 25 unauth-vid 200

aaa port-access authenticator active

 

I found a guide, which is: Clearpass Wired policy enforcement. To be honest, I see that they enabled a local authorization that enables DHCP and DNS, but I do not understand how they will be assigned to the "initial" vlan that has access to the features needed to be authenticated.

 

 
