
Cisco Switch Config for Cisco VoIP/ClearPass

Does anyone have a working Cisco switch config that uses Cisco VoIP phones authenticated through ClearPass MAC auth?  I need not only the interface config, but also the AAA if possible. 

Thank you in advance. 

 

Re: Cisco Switch Config for Cisco VoIP/ClearPass

GLOBAL CONFIG:
aaa new-model
aaa authorization network default local group radius
radius-server vsa send authentication
radius-server host <CPPM IP> auth-port 1812 acct-port 1813 key <KEY>
aaa authentication dot1x default group radius local
aaa authorization network default local group radius
aaa authorization auth-proxy default group radius
aaa server radius dynamic-author
client <CPPM IP> server-key <KEY>

 

INTERFACE CONFIG:

interface <Interface ID>
switchport access vlan <Data VLAN>
switchport mode access
authentication port-control auto
mab
 
If you want, you can send the Voice VLAN after a successful authentication.

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: Cisco Switch Config for Cisco VoIP/ClearPass

Thank you kindly, Victor.

 

Re: Cisco Switch Config for Cisco VoIP/ClearPass

Good evening Victor, I have the same environment: we want to authenticate the phones by MAC (MAB) and authenticate the computers connected to the phones with 802.1X. I have the following config on the switch:

 

dot1x system-auth-control

lldp run

 

interface FastEthernet0/22
switchport access vlan 100
switchport mode access
switchport voice vlan 2
authentication host-mode multi-domain to authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 30
dot1x timeout tx-period 3
dot1x timeout supp-timeout 20
spanning-tree portfast

 

radius-server host CPPM
radius-server host CPPM auth-port 1812 key aruba123
radius-server host CPPM acct-port 1813 key aruba123
radius-server host CPPM auth-port 1812 acct-port 1813 key aruba123
radius-server retry method reorder
radius-server timeout 15
radius-server deadtime 15
radius-server vsa send authentication

 

Do you think the configuration is correct?

 

Regards.

 

 

 

 

Re: Cisco Switch Config for Cisco VoIP/ClearPass

The configuration looks good.

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
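
An added example, not written by any poster in this thread: a small Python check for switch configs like the ones posted above. It flags ports that use authentication port-control auto with a voice VLAN but have no valid authentication host-mode multi-domain or multi-auth line, or have no authentication method enabled. The sample config is constructed, the names parse and audit are hypothetical, and FastEthernet0/23 is an invented port.

```python
import re

VALID_HOST_MODES = {"single-host", "multi-host", "multi-domain", "multi-auth"}
# Global commands that end an interface block (the thread's configs are unindented).
GLOBAL_RE = re.compile(r"(aaa|radius-server|lldp|dot1x system-auth-control)\b")
# Constructed sample: Fa0/22 follows the thread's port, Fa0/23 is hypothetical.
SAMPLE = """\
interface FastEthernet0/22
switchport voice vlan 2
authentication host-mode multi-domain to authentication host-mode multi-auth
authentication port-control auto
mab
dot1x pae authenticator
interface FastEthernet0/23
switchport voice vlan 2
authentication port-control auto
radius-server vsa send authentication
"""

def parse(text):
    """Return {interface: [sub-commands]}; indentation is not relied on."""
    ifaces, cur = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            cur = ifaces.setdefault(m.group(1), [])
        elif GLOBAL_RE.match(line):
            cur = None  # back in global configuration
        elif cur is not None:
            cur.append(line)
    return ifaces

def audit(text):
    """Return (interface, finding) pairs for ports with port-control auto."""
    out = []
    for name, cmds in parse(text).items():
        if "authentication port-control auto" not in cmds:
            continue  # port does not enforce authentication; not audited here
        args = [c.split()[2:] for c in cmds if c.startswith("authentication host-mode")]
        ok = [a[0] for a in args if len(a) == 1 and a[0] in VALID_HOST_MODES]
        if len(ok) != len(args):
            out.append((name, "malformed host-mode line"))
        voice = any(c.startswith("switchport voice vlan") for c in cmds)
        if voice and not set(ok) & {"multi-domain", "multi-auth"}:
            out.append((name, "voice VLAN without multi-domain/multi-auth"))
        if not any(c.startswith(("mab", "dot1x pae authenticator")) for c in cmds):
            out.append((name, "no authentication method enabled"))
    return out
```

A host-mode line that is not exactly one valid mode is treated as absent, so the combined "multi-domain to ... multi-auth" line is reported as malformed and the port is also reported as lacking a usable host-mode.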