Difference between revisions of "IEEE 802.1X"

IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC) ("port" meaning a single point of attachment to the LAN infrastructure). It provides an authentication mechanism to devices wishing to attach to a LAN, either establishing a point-to-point connection or preventing it if authentication fails.

STENTOFON IP Stations support 802.1X as from firmware version 01.09.3.0.

User interface

The 802.1X configuration is done from the IP-station web interface at Advanced Network --> 802.1X.

The different authenetication methods are MSCHAPV2, MD5, PAP, TTLS with PAP and PEAP with MSCHAPV2.

• MSCHAPV2 and MD5 encrypts the password.
• PAP does not encrypt anything.
• TTLS with PAP and PEAP with MSCHAPV2 encrypts both username and password.

• Dependent on the authentication method there are 3-4 parameters to configure.
  • 802.1X status: Enable or disable 802.1X
  • Username: The username used to identify a station.
  • Password: The password associated with the username.

• The button Save settings saves the current settings.

• If TTLS with PAP or PEAP with MSCHAPV2 is the chosen authenticiation method then a certificate must be uploaded to the station. This should be done in the field at the bottom. The certificate must either be a PEM or DER certificate and the certificate must be named "certificate.pem".

IEEE 802.1X configuration page

Known issues

• During upgrade of the IP-station, 802.1X will not be running. Thus if 802.1X reauthentication is enabled and is performed during upgrade, the IP-station might lose contact with the tftp server (dependent on the configuration when 802.1X authentication fails). If the IP-station loses contact with the tftp server it will not be upgraded.

Software requirement

• IP Station software 01.09.3.0 or later.