[RADIATOR] MAB against cisco CUCM
Eric W. Bates
ericx at whoi.edu
Fri Dec 21 16:31:42 UTC 2018
That sounds interesting. Can you share the script?
On 12/21/18 8:22 AM, Gregory Fuller wrote:
> We were actually doing this for a long time on our college network. I
> wrote a script doing it this exact way. We were not matching up the MAC
> addresses, we were just checking that the username the phone was passing
> to RADIATOR was a valid Cisco phone username, and that the MAC address
> that was being passed to us was also in CUCM and matched a CUCM device
> pool against the physical building that the radius request was
> originating from. We were basically making sure that our phones stayed
> within a physical building and did not migrate somewhere else without
> someone telling us so we could update the caller ID information
> appropriately for 911 use.
>
> --greg
>
> Gregory A. Fuller - CCNP R&S, CCNP Security, CCNA Wireless
> Network Manager
> State University of New York at Oswego
> Phone: (315) 312-5750
> Web: http://www.oswego.edu/~gfuller
>
> Date: Thu, 20 Dec 2018 13:26:01 -0500
> From: "Eric W. Bates" <ericx at whoi.edu>
> To: radiator <radiator at lists.open.com.au>
> Subject: [RADIATOR] MAB against cisco CUCM
> Message-ID: <bc626c2c-e837-32c4-3616-29855e957919 at whoi.edu>
>
> I want to provide MAC auth bypass to my phones on switches using dot1x
> by querying our cisco phone controller (CUCM). The CUCM has a SOAP API
> called AXL to which I can query by MAC address and basically just
> discover whether the MAC is registered in the system.
>
> Has anyone already done this?
>
> I gather the correct way to do this would be to use AuthBy External and
> write a script?
>
> Thanks for your time.
>
> --
> Clark 159a, MS 46
> 508/289-3112
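
The check described in the quoted reply (phone-style username, MAC known to CUCM, device pool matching the building the request came from), sketched as an added example; it is not the script discussed in this thread. Assumptions: the username pattern, the two lookup tables, the trimmed AXL getPhone reply and the SEP-plus-MAC device name are constructed for illustration, and the 0/1 result is meant to map to the accept/reject exit codes of an AuthBy EXTERNAL script.

```python
import re
import xml.etree.ElementTree as ET

# Constructed lookup tables (assumptions): which building each switch serves,
# and which building each CUCM device pool belongs to.
NAS_BUILDING = {"10.1.20.2": "library", "10.1.30.2": "science"}
POOL_BUILDING = {"DP-Library": "library", "DP-Science": "science"}

# Constructed AXL getPhone reply, trimmed to the fields used here.
SAMPLE_AXL = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body><ns:getPhoneResponse xmlns:ns="http://www.cisco.com/AXL/API/11.5">
  <return><phone><name>SEP001122334455</name>
   <devicePoolName>DP-Library</devicePoolName></phone></return>
 </ns:getPhoneResponse></soapenv:Body></soapenv:Envelope>"""

PHONE_USER = re.compile(r"^CP-[0-9A-Za-z]+-SEP[0-9A-F]{12}$")  # assumed identity format

def normalize_mac(raw):
    """Reduce any common MAC notation to 12 upper-case hex digits, else None."""
    mac = re.sub(r"[^0-9A-Fa-f]", "", raw or "").upper()
    return mac if len(mac) == 12 else None

def device_pool_from_axl(xml_text):
    """Return the devicePoolName from a getPhone reply, or None if absent."""
    node = ET.fromstring(xml_text).find(".//devicePoolName")
    return node.text if node is not None else None

def decide(attrs, lookup):
    """Return (exit_code, reason); 0 = accept, 1 = reject (fail closed)."""
    if not PHONE_USER.match(attrs.get("User-Name", "")):
        return 1, "username is not a phone identity"
    mac = normalize_mac(attrs.get("Calling-Station-Id"))
    if mac is None:
        return 1, "no usable MAC"
    pool = lookup("SEP" + mac)  # lookup returns None when CUCM has no such device
    if pool is None:
        return 1, "MAC not in CUCM"
    here = NAS_BUILDING.get(attrs.get("NAS-IP-Address"))
    if here is None or POOL_BUILDING.get(pool) != here:
        return 1, "device pool does not match building"
    return 0, "phone is in its assigned building"

if __name__ == "__main__":
    req = {"User-Name": "CP-7965G-SEP001122334455",  # constructed request
           "Calling-Station-Id": "00-11-22-33-44-55", "NAS-IP-Address": "10.1.20.2"}
    print(decide(req, lambda name: device_pool_from_axl(SAMPLE_AXL)))
```

In a deployment the `lookup` callable would issue the AXL query; any error or timeout there should return a reject or ignore rather than an accept.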