Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

PC dot1x authentication via IP phone second port/data port

This thread has been viewed 1 times

  • 1.  PC dot1x authentication via IP phone second port/data port

    Posted Mar 19, 2015 11:11 AM

    Hi All, I need some advice from you guys.

     

    I've deployed dot1x wired authentication with clearpass in a site. It's works well with switches but today I received an report from users that part of them failed to perform dot1x wired authentication when the notebook plugged into the IP phone second port/data port. Remark: the IP phone is connecting to the switches as well.

     

    I have no clue on this. May I know does the IP phone required dot1x support in order to make this works? Or list in the IP of the IP phone into the clearpass will do?

     

    Thanks,

     

     



  • 2.  RE: PC dot1x authentication via IP phone second port/data port

    EMPLOYEE
    Posted Mar 19, 2015 11:13 AM
    What type of switch?


  • 3.  RE: PC dot1x authentication via IP phone second port/data port

    Posted Mar 19, 2015 11:17 AM

    Most of the switches is cisco 2960 and 3750.

    I don't have the record of IP phone model.



  • 4.  RE: PC dot1x authentication via IP phone second port/data port

    EMPLOYEE
    Posted Mar 19, 2015 08:29 PM

    You'll need to configure the switchport with 802.1X authentication. If you don't want to do 1X for the phone, configure 802.1X with MAC-auth bypass (MAB).