Solved

ShoreTel phones with Dot1x and Juniper switches

Posted on 2014-03-03
4
510 Views
Last Modified: 2014-03-17
We are deploying dot1x with EAP-TLS throughout our network.  Unfortunately, we have a mix of Shoretel phones in front of all of our workstations.  What is the best way to get by this?

- create the MAC bypass users for each phone in Active directory?
- is there a supplicant to configure on the phone?

BTW we are connecting upstream to Juniper EX3300 switches.

Thanks,
0
Comment
Question by:L8C
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 17

Expert Comment

by:pergr
ID: 39903691
0
 

Author Comment

by:L8C
ID: 39907092
The issues I have with that are:

- The Backend RADIUS server - the only way I found to do MAB dot1x authentication is to create a separate user account for each phone.  Is there a wildcard option for MAB auth?

- Single supplicant isn't secure enough for us.

Thanks.
0
 

Accepted Solution

by:
L8C earned 0 total points
ID: 39924364
We just created a static mac filter list with a /24 wildcard for the OUI.  Thank you.
0
 

Author Closing Comment

by:L8C
ID: 39933747
Only one expert commented and it wasn't the right option.  I ended up finding my own solution.
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. Here are 7 ways you can stay safe.
There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question