Difference between revisions of "IEEE 802.1X"
From Zenitel Wiki
(→User interface) |
(→User interface) |
||
Line 13: | Line 13: | ||
* Dependent on the authentication method there are 3-4 parameters to configure. | * Dependent on the authentication method there are 3-4 parameters to configure. | ||
+ | ** '''802.1X status''': Enable or disable 802.1X | ||
** '''Username''': The username used to identify a station. | ** '''Username''': The username used to identify a station. | ||
− | |||
** '''Password''': The password associated with the username. | ** '''Password''': The password associated with the username. | ||
− | |||
* The button '''Save settings''' saves the current settings. | * The button '''Save settings''' saves the current settings. |
Revision as of 11:36, 19 September 2013
IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC) ("port" meaning a single point of attachment to the LAN infrastructure). It provides an authentication mechanism to devices wishing to attach to a LAN, either establishing a point-to-point connection or preventing it if authentication fails.
STENTOFON IP Stations support 802.1X as from firmware version 01.09.3.0.
User interface
The 802.1X configuration is done from the IP-station web interface at Advanced Network --> 802.1X.
The different authenetication methods are MSCHAPV2, MD5, PAP, TTLS with PAP and PEAP with MSCHAPV2.
- MSCHAPV2 and MD5 encrypts the password.
- PAP does not encrypt anything.
- TTLS with PAP and PEAP with MSCHAPV2 encrypts both username and password.
- Dependent on the authentication method there are 3-4 parameters to configure.
- 802.1X status: Enable or disable 802.1X
- Username: The username used to identify a station.
- Password: The password associated with the username.
- The button Save settings saves the current settings.
- If TTLS with PAP or PEAP with MSCHAPV2 is the chosen authenticiation method then a certificate must be uploaded to the station. This should be done in the field at the bottom. The certificate must either be a PEM or DER certificate and the certificate must be named "certificate.pem".
Known issues
- During upgrade of the IP-station, 802.1X will not be running. Thus if 802.1X reauthentication is enabled and is performed during upgrade, the IP-station might lose contact with the tftp server (dependent on the configuration when 802.1X authentication fails). If the IP-station loses contact with the tftp server it will not be upgraded.
Software requirement
- IP Station software 01.09.3.0 or later.