This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Anyone using ShoreTel VOIP with Enterasys NAC?

Anyone using ShoreTel VOIP with Enterasys NAC?

Matt_Stone
New Contributor

‎12-11-2013 09:00 PM

We had a ShoreTel VOIP system installed yesterday, this is our first step into the VOIP world. We're using Enterasys NAC with MAC and 802.1x authentication for clients. Ports are configured for both MAC and 802.1x auth with 8 users allowed.

We MAC authenticated the phones and they work fine, however when we plug a computer into the phone it doesn't seem to pass the authentication request up to the switch. Is anyone running this setup? I believe we are looking for some type of 802.1x pass-through option on the phone, but haven't found it so far. The phones are model IP 480g

Thanks
0 Kudos
19 REPLIES 19

Matt_Stone
New Contributor

‎12-19-2013 02:22 PM

Yes, with the information provided we were able to get the phones to authenticate EAP-MD5. Since we are using NPS 2008 we had to edit the registry to turn EAP-MD5 back on (link here for reference http://support.microsoft.com/kb/922574 )

Unfortunately we still aren't able to get the computers to authenticate when plugged in through the phone. If we put an unmanaged switch on the Enterasys port and plug the phone and computer into that, they both authenticate fine so we still believe this to be an issue with the phone not passing the request up to the switch. We are working with our ShoreTel partner to find a solution. If / when I get that I will post it for the benefit of others.

I have also reached out to Scott in a GTAC case with some wireshark captures to see if he can come up with anything that might help come to a resolution.

Thanks to everyone who replied,

Matt
0 Kudos

hessm_mhs-pa_or
New Contributor
In response to Matt_Stone

‎12-19-2013 02:22 PM

I remember having an issue with Multi-auth and our phones\wireless when we moved to the C5's and I believe our solution was instead of passing the VLAN-ID via the policy we instead switched to sending the VLAN Attribute in IAS and setting the switch to pass-through for this.
0 Kudos

Tamera_Rousseau
New Contributor
In response to Matt_Stone

‎12-19-2013 02:22 PM

Thanks for the update Matt and we definitely look forward to hearing the resolution!
0 Kudos

Tamera_Rousseau
New Contributor

‎12-18-2013 07:11 PM

Hi Matt (and Matt), Do you feel that the advice from Scott answered your questions? Matt Stone, did you have a chance to verify that your 2003 server contain that information?
0 Kudos

hessm_mhs-pa_or
New Contributor

‎12-16-2013 05:37 PM

MD5 Is available in my EAP Methods on IAS (2003).
0 Kudos
GTM-P2G8KFN