IEEE 802.1X
From Zenitel Wiki
IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC) ("port" meaning a single point of attachment to the LAN infrastructure). It provides an authentication mechanism to devices wishing to attach to a LAN, either establishing a point-to-point connection or preventing it if authentication fails.
STENTOFON INCA Stations support 802.1X as from firmware version 01.09.3.0.
User interface
The 802.1X configuration is done from the IP-station web interface at Advanced Network --> 802.1X.
The different authentication methods are MSCHAPV2, MD5, TTLS with PAP, PEAP with MSCHAPV2 and TLS.
- MSCHAPV2 and MD5 encrypts the password.
- TTLS with PAP and PEAP with MSCHAPV2 encrypts both username and password.
Dependent on the authentication method there are a few parameters to configure.
- 802.1X status: Enable or disable 802.1X
- Username: The username used to identify a station.
- Password: The password associated with the username.
- Fake username: The fake username sent outside of encrypted tunnel with TTLS with PAP and PEAP with MSCHAPV2. The user name is encrypted.
When TTLS with PAP or PEAP with MSCHAPV2 is selected a certificate must be uploaded to the station by clicking the Browse... button. The certificate must either be in Privacy Enhanced Mail (PEM) or Distinguished Encoding Rules (DER) format and the certificate must be named "certificate.pem".
- Click Save to save the current settings
- Click Reboot
The new 802.1X settings will only come into effect after a reboot.
Known issues
- During upgrade of the IP-station, 802.1X will not be running. Thus if 802.1X reauthentication is enabled and is performed during upgrade, the IP-station might lose contact with the tftp server (dependent on the configuration when 802.1X authentication fails). If the IP-station loses contact with the tftp server it will not be upgraded.
Software requirement
- IP Station software 01.09.3.0 or later.