Security

Reply
Occasional Contributor II
Posts: 61
Registered: ‎06-27-2016

PC connected to IP Phone, how to authenticate both

I have a steup where there are PCs connected to network through IP phones.

What is the optimal design to authenticate both;

Authenticate IP phones through MAC auth and authenticate the PC through 802.1x and MAC auth,

So that the switch port will not open if one (Phone or PC) failed the authentication.

 

Thanks

 

Regards

Mahmmoud

Mahmoud
Guru Elite
Posts: 21,274
Registered: ‎03-29-2007

Re: PC connected to IP Phone, how to authenticate both

What you can do, depends on the phone, the switch and what radius server you have authenticating them..



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 777
Registered: ‎03-25-2009

Re: PC connected to IP Phone, how to authenticate both

As cjoseph already said, it raly depends on your equipement what is possible.

 

Most switches support session based authentication which means you ould do dot1x for both devices. Authentication success (or faillure) for 1 device doesn't matter/influence the authentications of other devices on the same port.

 

So the best would be session based with both devices doing dot1x, although I've often seen dot1x for the PC and mac for the phone. 

Most important is the requirement for session based as opposed to port based authentication.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: