We're in the process of getting ISE configured to be our RADIUS server, but that project won't wrap up until next year sometime. In the meantime, we have another project rolling out new IP phones, but we don't truly have a good way to secure the ports.
Our PCs check in via EAP to our FreeRADIUS server, and then once they authenticate, they're allowed on the network. I was looking into somehow getting our FreeRADIUS server configured w/ MAB for the new IP phones. I have the switch config (Cisco) ready to implement, but I have nothing able to respond currently.
Ultimately, I'm trying to have FreeRADIUS see the first octet of a MAC and authorize it as a stopgap until we can get our ISE licensing and servers configured to handle these authentication requests.
No comments:
Post a Comment