[cisco-voip] dot1x, ISE, EAP-FAST and 69xx Phones
Gary Parker
G.J.Parker at lboro.ac.uk
Mon Nov 2 05:20:17 EST 2020
Morning all, our network team are moving to an SDA network using Cisco DNAC and ISE and have asked me to dot1x enable our phones to stop having to profile them and use plus license.
I’m currently on CUCM 11.5.1 SU2 and the majority of our phones are 69xx, thus preventing us from using anything above TLS1.0 as I understand it. While ISE will do TLS1.0, it doesn’t support SHA-1, which the 69xx phones are stuck with for LSC auth.
I’ve found some documentation suggesting these devices will do EAP-FAST (the same solution our networks guys used to get our Cisco APs on the wired network), but can’t find anything explaining how to configure enable this other than for phones with a wireless interface.
- is anyone out there doing EAP-FAST with LSC to ISE with 69xx phones?
- do 69xx phones support EAP-FAST on a wired interface?
- can anyone point me at a resource explaining how to configure this?
---
/-Gary Parker----------------------------------f--\
| Unified Communications Service Manager |
n Loughborough University, IT Services |
| tel:+441509635635 sip:gary at lboro.ac.uk o
| https://www.osx.ninja/pubkey.txt |
\r----------------------------------------------d-/
More information about the cisco-voip
mailing list