Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

MAB for Cisco Phones

This thread has been viewed 2 times

  • 1.  MAB for Cisco Phones

    EMPLOYEE
    Posted Jun 28, 2016 07:10 PM

    Hello,

     

    I have a customer that installs a lot of Cisco Phones on their network. He needs that any Cisco Phone that is connected to their network it is automatically access granted. I am trying to create a service where the CPPM validates by fingerprinting (via DHCP) that the connected endpoint is a Cisco Phone  to allow access. It is not necessary that the MAC Address exists on the Endpoint Repository to grant access the phone, I only need to know that the endpoint is a Cisco Phone to grant their access.

     

    The customer doesn't want a typical MAB where all the MACs are learned by CPPM and then the administrator has to access to endpoint repository to change the endpoint status from unknown to known to grant the access.

     

    Can anyone share a configuration example to make it possible?

     

    Thanks!



  • 2.  RE: MAB for Cisco Phones

    Posted Jun 28, 2016 08:02 PM
    You can do the profiling using this technote:
    http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/UPDATED-ClearPass-Profiling-TechNote-V1-2/td-p/243541

    Then in your enforcement you can use the endpoint > Category ( VoIP Phone ) and Device Name (Cisco IP Phone)

    Get Outlook for iOS