802.1x Off in IpTouch

Post Reply
User avatar
dryhouse
Member
Posts: 159
Joined: 06 Apr 2010 06:11
Location: Madrid,Spain

802.1x Off in IpTouch

Post by dryhouse » 20 Jul 2016 10:31

Hi guys,

i have 800 iptouch in customer.802.1x is off and the customer activate security in swichts. Then say EAP-TLS is on in the IpTouch

Do you have some idea??

Thanks in advance.

Regards
may the force be with you....

User avatar
dryhouse
Member
Posts: 159
Joined: 06 Apr 2010 06:11
Location: Madrid,Spain

Re: 802.1x Off in IpTouch

Post by dryhouse » 08 Aug 2016 06:48

dryhouse wrote:Hi guys,

I have 800 iptouch in customer.802.1x is off and the customer activate security in swichts. Then say EAP-TLS is on in the IpTouch

Do you have some idea??

Thanks in advance.

Regards
The custumer wants to intruduce in the switch NAC and he is having problems with the Alcatel's phones
What I mean is,
It seems that when its on in the port it asks to the Ip Touch if they have the 802.1* in TLS, and the device althought it has it off (802.1x-TLS Off) answers with the login ALCIPT
They have asked me about it a week ago and I have been doing some tests with it, switching it on and off, and at the end it seems that it works as it should (without the user ALCIPT)
Phones Teldat, Siemens/Unify, Avaya, Polycom are working with the NAC. The only ones who seems to have problems are Alcatel's IPTouch, and there are about 800 still working in central buldings.

Any help is good.

Regards.
may the force be with you....

User avatar
tot3nkopf
Alcatel Unleashed Certified Guru
Alcatel Unleashed Certified Guru
Posts: 4022
Joined: 02 Feb 2006 10:41
Location: Germany & Romania
Contact:

Re: 802.1x Off in IpTouch

Post by tot3nkopf » 17 Aug 2016 04:27

802.1x has to be on if you are authenticating with certificates. MD5 or TLS used? Not clear.
Two options:
- With certificates you have two options: you provide them the factory certificates (public keys) from Alcatel. They need to import them and perform authentication based on them
-Certificate provided by PKI. This need to be uploaded in all the phones.
For autoenrollment ask Alcatel for their SCEP concept

W/o certificates, how? MAB? (mac based auth)

For commands on the phone check TG0028 : dot1x tls on/off

Read the 802.1x section in the System Documentation.

User avatar
dryhouse
Member
Posts: 159
Joined: 06 Apr 2010 06:11
Location: Madrid,Spain

Re: 802.1x Off in IpTouch

Post by dryhouse » 17 Aug 2016 05:02

Thanks tot3nkopf for you reply,

I was wrong. I have 802.1x ON in all terminals......

Sorry for my bad english.

Regards.
may the force be with you....

tux
Member
Posts: 2
Joined: 06 Oct 2016 07:17

Re: 802.1x Off in IpTouch

Post by tux » 06 Oct 2016 07:26

When you activate 802.1x on a switch port the telephone connects automatic via 802.1x auth.
I find this because i want to authenticate the telephone via freeradius. On 4028 devices you can go to spezial menu via "i" and "#" followed by
password, move to 802.1x and change configuration to md5 for test.

regards

Post Reply

Return to “Security and Access Control”