Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

PC connected to IP Phone, how to authenticate both

This thread has been viewed 4 times

  • 1.  PC connected to IP Phone, how to authenticate both

    Posted Jul 03, 2016 04:47 AM

    I have a steup where there are PCs connected to network through IP phones.

    What is the optimal design to authenticate both;

    Authenticate IP phones through MAC auth and authenticate the PC through 802.1x and MAC auth,

    So that the switch port will not open if one (Phone or PC) failed the authentication.

     

    Thanks

     

    Regards

    Mahmmoud



  • 2.  RE: PC connected to IP Phone, how to authenticate both

    EMPLOYEE
    Posted Jul 03, 2016 07:08 AM

    What you can do, depends on the phone, the switch and what radius server you have authenticating them..



  • 3.  RE: PC connected to IP Phone, how to authenticate both
    Best Answer

    MVP
    Posted Jul 04, 2016 09:01 AM

    As cjoseph already said, it raly depends on your equipement what is possible.

     

    Most switches support session based authentication which means you ould do dot1x for both devices. Authentication success (or faillure) for 1 device doesn't matter/influence the authentications of other devices on the same port.

     

    So the best would be session based with both devices doing dot1x, although I've often seen dot1x for the PC and mac for the phone. 

    Most important is the requirement for session based as opposed to port based authentication.