Solved

ShoreTel phones with Dot1x and Juniper switches

Posted on 2014-03-03
4
502 Views
Last Modified: 2014-03-17
We are deploying dot1x with EAP-TLS throughout our network.  Unfortunately, we have a mix of Shoretel phones in front of all of our workstations.  What is the best way to get by this?

- create the MAC bypass users for each phone in Active directory?
- is there a supplicant to configure on the phone?

BTW we are connecting upstream to Juniper EX3300 switches.

Thanks,
0
Comment
Question by:L8C
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 17

Expert Comment

by:pergr
ID: 39903691
0
 

Author Comment

by:L8C
ID: 39907092
The issues I have with that are:

- The Backend RADIUS server - the only way I found to do MAB dot1x authentication is to create a separate user account for each phone.  Is there a wildcard option for MAB auth?

- Single supplicant isn't secure enough for us.

Thanks.
0
 

Accepted Solution

by:
L8C earned 0 total points
ID: 39924364
We just created a static mac filter list with a /24 wildcard for the OUI.  Thank you.
0
 

Author Closing Comment

by:L8C
ID: 39933747
Only one expert commented and it wasn't the right option.  I ended up finding my own solution.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
A hard and fast method for reducing Active Directory Administrators members.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

742 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question