Security

Reply
Frequent Contributor I

MAB not working mitel - how can i authenticate Phone on the network

The phone is registering with a username on clearpass, 

 

I want to enable all device to be allowed not matter what for testing. Monitor mode only doesnt implement enforcement, and I can't use the auth vlan on the switch config as there is phones tagged on voice on ports. (Or would this still work)

 

I understand for MAB to work the username needs to the MAC, this phone isn't - is this abnormal?

Frequent Contributor I

Re: MAB not working mitel - how can i authenticate Phone on the network

Capture.PNGFailing phonesCapture2.PNGService config

Guru Elite

Re: MAB not working mitel - how can i authenticate Phone on the network

You should really use the MAC Auth service template. The service you have is not specific enough.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor I

Re: MAB not working mitel - how can i authenticate Phone on the network

the logs show that the username is appearing as JBORLAND not the MAC address 

 

So i understand why its not working, but how do i get it working without re-configuring all the pone before i enable it.

 

Guru Elite

Re: MAB not working mitel - how can i authenticate Phone on the network

It's likely a switch misconfiguration.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor I

Re: MAB not working mitel - how can i authenticate Phone on the network

I agree with the service point, I have this service at the bottom and was meant to be a catch all for everything on the wired, hence this configuration.

 

I thought this was the phone itself, 

somebody has configured the phones to do EAP with a username and password - is there a way to allow all devices using EAP even if they fail authentication.

 

I am unable to use the unatuth-vid as the VLAN are not consistant across the sites and require configure 250 ports by hand.

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: