Difference between revisions of "IEEE 802.1X"
From Zenitel Wiki
(→User interface) |
|||
Line 19: | Line 19: | ||
* When '''TTLS with PAP''' or '''PEAP with MSCHAPV2''' is selected a certificate must be uploaded to the station. The certificate must either be a PEM or DER certificate and the certificate must be named "certificate.pem". | * When '''TTLS with PAP''' or '''PEAP with MSCHAPV2''' is selected a certificate must be uploaded to the station. The certificate must either be a PEM or DER certificate and the certificate must be named "certificate.pem". | ||
− | [[Image:802. | + | [[Image:802.1X 1.PNG|thumb|500px|left|IEEE 802.1X configuration page]] |
<br style="clear:both;" /> | <br style="clear:both;" /> | ||
Revision as of 13:33, 12 October 2016
IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC) ("port" meaning a single point of attachment to the LAN infrastructure). It provides an authentication mechanism to devices wishing to attach to a LAN, either establishing a point-to-point connection or preventing it if authentication fails.
STENTOFON INCA Stations support 802.1X as from firmware version 01.09.3.0.
User interface
The 802.1X configuration is done from the IP-station web interface at Advanced Network --> 802.1X.
The different authenetication methods are MSCHAPV2, MD5, PAP, TTLS with PAP and PEAP with MSCHAPV2.
- MSCHAPV2 and MD5 encrypts the password.
- PAP does not encrypt anything.
- TTLS with PAP and PEAP with MSCHAPV2 encrypts both username and password.
- Dependent on the authentication method there are a few parameters to configure.
- 802.1X status: Enable or disable 802.1X
- Username: The username used to identify a station.
- Password: The password associated with the username.
- When TTLS with PAP or PEAP with MSCHAPV2 is selected a certificate must be uploaded to the station. The certificate must either be a PEM or DER certificate and the certificate must be named "certificate.pem".
Known issues
- During upgrade of the IP-station, 802.1X will not be running. Thus if 802.1X reauthentication is enabled and is performed during upgrade, the IP-station might lose contact with the tftp server (dependent on the configuration when 802.1X authentication fails). If the IP-station loses contact with the tftp server it will not be upgraded.
Software requirement
- IP Station software 01.09.3.0 or later.