During the initial roll out of 802.1x in our corporate environment we are testing IP Phones and how they authenticate against ClearPass. We've found that it may be best to perform MAB against a local repository that we populate with IP phone MAC addresses to start with, then at some point in the future move to enabling 802.1x on the phones (if possible) and load them with certificates.
We'd like to have the phones use the voice vlan assigned on each port, as we'll have numerous branch offices with different voice vlans at each attempting to authenticate. In that scenario we can't send back a unique voice vlan and would like to just send the [Allow Access Profile].
My question then is - is it a best practice to use the original [Endpoints Repository] or should we create a unique one for IP Phones specifically (then one for printers, access points, etc)?