Actions

IEEE 802.1X

From Zenitel Wiki

Revision as of 11:42, 19 September 2013 by Asle (talk) (User interface)

IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC) ("port" meaning a single point of attachment to the LAN infrastructure). It provides an authentication mechanism to devices wishing to attach to a LAN, either establishing a point-to-point connection or preventing it if authentication fails.

STENTOFON IP Stations support 802.1X as from firmware version 01.09.3.0.

User interface

The 802.1X configuration is done from the IP-station web interface at Advanced Network --> 802.1X.

The different authenetication methods are MSCHAPV2, MD5, PAP, TTLS with PAP and PEAP with MSCHAPV2.

  • MSCHAPV2 and MD5 encrypts the password.
  • PAP does not encrypt anything.
  • TTLS with PAP and PEAP with MSCHAPV2 encrypts both username and password.
  • Dependent on the authentication method there are 3-4 parameters to configure.
    • 802.1X status: Enable or disable 802.1X
    • Username: The username used to identify a station.
    • Password: The password associated with the username.
  • When TTLS with PAP or PEAP with MSCHAPV2 is selected a certificate must be uploaded to the station. The certificate must either be a PEM or DER certificate and the certificate must be named "certificate.pem".
IEEE 802.1X configuration page


Known issues

  • During upgrade of the IP-station, 802.1X will not be running. Thus if 802.1X reauthentication is enabled and is performed during upgrade, the IP-station might lose contact with the tftp server (dependent on the configuration when 802.1X authentication fails). If the IP-station loses contact with the tftp server it will not be upgraded.

Software requirement

  • IP Station software 01.09.3.0 or later.
Retrieved from "https://wiki.zenitel.com/w/index.php?title=IEEE_802.1X&oldid=95968"