• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 556
  • Last Modified:

ShoreTel phones with Dot1x and Juniper switches

We are deploying dot1x with EAP-TLS throughout our network.  Unfortunately, we have a mix of Shoretel phones in front of all of our workstations.  What is the best way to get by this?

- create the MAC bypass users for each phone in Active directory?
- is there a supplicant to configure on the phone?

BTW we are connecting upstream to Juniper EX3300 switches.

  • 3
1 Solution
L8CAuthor Commented:
The issues I have with that are:

- The Backend RADIUS server - the only way I found to do MAB dot1x authentication is to create a separate user account for each phone.  Is there a wildcard option for MAB auth?

- Single supplicant isn't secure enough for us.

L8CAuthor Commented:
We just created a static mac filter list with a /24 wildcard for the OUI.  Thank you.
L8CAuthor Commented:
Only one expert commented and it wasn't the right option.  I ended up finding my own solution.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now