Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

MAB not working mitel - how can i authenticate Phone on the network

This thread has been viewed 3 times

  • 1.  MAB not working mitel - how can i authenticate Phone on the network

    Posted Nov 01, 2018 09:24 PM

    The phone is registering with a username on clearpass, 

     

    I want to enable all device to be allowed not matter what for testing. Monitor mode only doesnt implement enforcement, and I can't use the auth vlan on the switch config as there is phones tagged on voice on ports. (Or would this still work)

     

    I understand for MAB to work the username needs to the MAC, this phone isn't - is this abnormal?



  • 2.  RE: MAB not working mitel - how can i authenticate Phone on the network

    Posted Nov 01, 2018 09:40 PM

    Failing phonesFailing phonesService configService config



  • 3.  RE: MAB not working mitel - how can i authenticate Phone on the network

    EMPLOYEE
    Posted Nov 01, 2018 09:54 PM
    You should really use the MAC Auth service template. The service you have is not specific enough.


  • 4.  RE: MAB not working mitel - how can i authenticate Phone on the network

    Posted Nov 01, 2018 09:59 PM

    the logs show that the username is appearing as JBORLAND not the MAC address 

     

    So i understand why its not working, but how do i get it working without re-configuring all the pone before i enable it.

     



  • 5.  RE: MAB not working mitel - how can i authenticate Phone on the network

    EMPLOYEE
    Posted Nov 01, 2018 10:01 PM
    It's likely a switch misconfiguration.


  • 6.  RE: MAB not working mitel - how can i authenticate Phone on the network

    Posted Nov 02, 2018 05:45 AM

    I agree with the service point, I have this service at the bottom and was meant to be a catch all for everything on the wired, hence this configuration.

     

    I thought this was the phone itself, 

    somebody has configured the phones to do EAP with a username and password - is there a way to allow all devices using EAP even if they fail authentication.

     

    I am unable to use the unatuth-vid as the VLAN are not consistant across the sites and require configure 250 ports by hand.