Security

Reply
Occasional Contributor II
Posts: 11
Registered: ‎04-04-2016

MAB for Cisco Phones

Hello,

 

I have a customer that installs a lot of Cisco Phones on their network. He needs that any Cisco Phone that is connected to their network it is automatically access granted. I am trying to create a service where the CPPM validates by fingerprinting (via DHCP) that the connected endpoint is a Cisco Phone  to allow access. It is not necessary that the MAC Address exists on the Endpoint Repository to grant access the phone, I only need to know that the endpoint is a Cisco Phone to grant their access.

 

The customer doesn't want a typical MAB where all the MACs are learned by CPPM and then the administrator has to access to endpoint repository to change the endpoint status from unknown to known to grant the access.

 

Can anyone share a configuration example to make it possible?

 

Thanks!

*
If it helps flease add Kudos
MVP
Posts: 4,272
Registered: ‎07-20-2011

Re: MAB for Cisco Phones

You can do the profiling using this technote:
http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/UPDATED-ClearPass-Profiling-TechNote-V1-2/td-p/243541

Then in your enforcement you can use the endpoint > Category ( VoIP Phone ) and Device Name (Cisco IP Phone)

Get Outlook for iOS
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: