[RADIATOR] MAB against cisco CUCM
Gregory Fuller
gregory.fuller at oswego.edu
Fri Dec 21 13:22:22 UTC 2018
We were actually doing this for a long time on our college network. I
wrote a script doing it this exact way. We were not matching up the MAC
addresses, we were just checking that the username the phone was passing to
RADIATOR was a valid Cisco phone username, and that the MAC address that
was being passed to us was also in CUCM and matched a CUCM device pool
against the physical building that the radius request was originating
from. We were basically making sure that our phones stayed within a
physical building and did not migrate somewhere else without someone
telling us so we could update the caller ID information appropriately for
911 use.
--greg
Gregory A. Fuller - CCNP R&S, CCNP Security, CCNA Wireless
Network Manager
State University of New York at Oswego
Phone: (315) 312-5750
Web: http://www.oswego.edu/~gfuller
_____________________________________________________
Campus Technology Services will never ask you to email us sensitive
personal information such as a password. Please contact us if you are
unsure if an email is genuine. (help at oswego.edu)
Date: Thu, 20 Dec 2018 13:26:01 -0500
> From: "Eric W. Bates" <ericx at whoi.edu>
> To: radiator <radiator at lists.open.com.au>
> Subject: [RADIATOR] MAB against cisco CUCM
> Message-ID: <bc626c2c-e837-32c4-3616-29855e957919 at whoi.edu>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> I want to provide MAC auth bypass to my phones on switches using dot1x
> by querying our cisco phone controller (CUCM). The CUCM has a SOAP API
> called AXL to which I can query by MAC address and basically just
> discover whether the MAC is registered in the system.
>
> Has anyone already done this?
>
> I gather the correct way to do this would be to use AuthBy External and
> write a script?
>
> Thanks for your time.
>
> --
> Clark 159a, MS 46
> 508/289-3112
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: smime.p7s
> Type: application/pkcs7-signature
> Size: 4188 bytes
> Desc: S/MIME Cryptographic Signature
> URL: <
> https://lists.open.com.au/pipermail/radiator/attachments/20181220/3ef35e7c/attachment-0001.p7s
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> radiator mailing list
> radiator at lists.open.com.au
> https://lists.open.com.au/mailman/listinfo/radiator
>
> ------------------------------
>
> End of radiator Digest, Vol 115, Issue 3
> ****************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20181221/c0bed474/attachment.html>
More information about the radiator
mailing list