IEEE 802.1X
From Zenitel Wiki
IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC) ("port" meaning a single point of attachment to the LAN infrastructure). It provides an authentication mechanism to devices wishing to attach to a LAN, either establishing a point-to-point connection or preventing it if authentication fails.
STENTOFON IP Stations support 802.1X as from firmware version 01.09.3.0.
User interface
The 802.1X configuration is done from the IP-station web interface at Advanced Network --> 802.1X.
The different authenetication methods are MSCHAPV2, MD5, PAP, TTLS with PAP and PEAP with MSCHAPV2.
- MSCHAPV2 and MD5 encrypts the password.
- PAP does not encrypt anything.
- TTLS with PAP and PEAP with MSCHAPV2 encrypts both username and password.
- Dependent on the authentication method there are 3-4 parameters to configure.
- 802.1X status: Enable or disable 802.1X
- Username: The username used to identify a station.
- Password: The password associated with the username.
- When TTLS with PAP or PEAP with MSCHAPV2 is selected a certificate must be uploaded to the station. The certificate must either be a PEM or DER certificate and the certificate must be named "certificate.pem".
Known issues
- During upgrade of the IP-station, 802.1X will not be running. Thus if 802.1X reauthentication is enabled and is performed during upgrade, the IP-station might lose contact with the tftp server (dependent on the configuration when 802.1X authentication fails). If the IP-station loses contact with the tftp server it will not be upgraded.
Software requirement
- IP Station software 01.09.3.0 or later.