[cisco-voip] dot1x multi domain phones prompt for login

Wed Sep 21 09:46:39 EDT 2016

Not sure we can do that quickly.

What we are seeing is the phones (8841) are profiled properly sometimes, but then other times, they get profiled as a wireless device.  We also have WAPs on the network being profiled.  I am wondering if the issue is profiling based on MAC address since both the WAPs and phones are Cisco.

From: Eric Pedersen [mailto:PedersenE at bennettjones.com]
Sent: Monday, September 19, 2016 4:01 PM
To: Hendrix, Bill W. - US <george.hendrix at caci.com>; 'cisco-voip at puck.nether.net' <cisco-voip at puck.nether.net>
Subject: RE: dot1x multi domain phones prompt for login

We have ISE deployed and didn't find phone profiling to be 100% successful. We deployed LSCs to all our phones and use those for 802.1x authentication.

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Hendrix, Bill W. - US
Sent: 18 September 2016 11:52 AM
To: 'cisco-voip at puck.nether.net' <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: Re: [cisco-voip] dot1x multi domain phones prompt for login

We are also seeing the phones get disconnected with multi auth enabled and when computers are connected or disconnected from the phone PC port (docking station).

From: Hendrix, Bill W. - US
Sent: Saturday, September 17, 2016 2:00 PM
To: 'cisco-voip at puck.nether.net'
Subject: dot1x multi domain phones prompt for login

Guys,

  We have some ports where we applied multi-domain authentication on ports with Cisco phones connected for phone profiling.  We are using ISE.  However, the phones prompt for username and password.  Do the phones require any dot1x configuration to do this?  Or is this a setting in ISE causing this?

Thanks,
Bill Hendrix

The contents of this message may contain confidential and/or privileged subject matter. If this message has been received in error, please contact the sender and delete all copies. Like other forms of communication, e-mail communications may be vulnerable to interception by unauthorized parties. If you do not wish us to communicate with you by e-mail, please notify us at your earliest convenience. In the absence of such notification, your consent is assumed. Should you choose to allow us to communicate by e-mail, we will not take any additional security measures (such as encryption) unless specifically requested.

If you no longer wish to receive commercial messages, you can unsubscribe by accessing this link: http://www.bennettjones.com/unsubscribe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20160921/2fb86a7a/attachment.html>