Hi guys,
i have 800 iptouch in customer.802.1x is off and the customer activate security in swichts. Then say EAP-TLS is on in the IpTouch
Do you have some idea??
Thanks in advance.
Regards
802.1x Off in IpTouch
802.1x Off in IpTouch
may the force be with you....
Re: 802.1x Off in IpTouch
The custumer wants to intruduce in the switch NAC and he is having problems with the Alcatel's phonesdryhouse wrote:Hi guys,
I have 800 iptouch in customer.802.1x is off and the customer activate security in swichts. Then say EAP-TLS is on in the IpTouch
Do you have some idea??
Thanks in advance.
Regards
What I mean is,
It seems that when its on in the port it asks to the Ip Touch if they have the 802.1* in TLS, and the device althought it has it off (802.1x-TLS Off) answers with the login ALCIPT
They have asked me about it a week ago and I have been doing some tests with it, switching it on and off, and at the end it seems that it works as it should (without the user ALCIPT)
Phones Teldat, Siemens/Unify, Avaya, Polycom are working with the NAC. The only ones who seems to have problems are Alcatel's IPTouch, and there are about 800 still working in central buldings.
Any help is good.
Regards.
may the force be with you....
- tot3nkopf
- Alcatel Unleashed Certified Guru
- Posts: 4058
- Joined: 02 Feb 2006 10:41
- Location: Germany & Romania
- Contact:
Re: 802.1x Off in IpTouch
802.1x has to be on if you are authenticating with certificates. MD5 or TLS used? Not clear.
Two options:
- With certificates you have two options: you provide them the factory certificates (public keys) from Alcatel. They need to import them and perform authentication based on them
-Certificate provided by PKI. This need to be uploaded in all the phones.
For autoenrollment ask Alcatel for their SCEP concept
W/o certificates, how? MAB? (mac based auth)
For commands on the phone check TG0028 : dot1x tls on/off
Read the 802.1x section in the System Documentation.
Two options:
- With certificates you have two options: you provide them the factory certificates (public keys) from Alcatel. They need to import them and perform authentication based on them
-Certificate provided by PKI. This need to be uploaded in all the phones.
For autoenrollment ask Alcatel for their SCEP concept
W/o certificates, how? MAB? (mac based auth)
For commands on the phone check TG0028 : dot1x tls on/off
Read the 802.1x section in the System Documentation.
Re: 802.1x Off in IpTouch
Thanks tot3nkopf for you reply,
I was wrong. I have 802.1x ON in all terminals......
Sorry for my bad english.
Regards.
I was wrong. I have 802.1x ON in all terminals......
Sorry for my bad english.
Regards.
may the force be with you....
Re: 802.1x Off in IpTouch
When you activate 802.1x on a switch port the telephone connects automatic via 802.1x auth.
I find this because i want to authenticate the telephone via freeradius. On 4028 devices you can go to spezial menu via "i" and "#" followed by
password, move to 802.1x and change configuration to md5 for test.
regards
I find this because i want to authenticate the telephone via freeradius. On 4028 devices you can go to spezial menu via "i" and "#" followed by
password, move to 802.1x and change configuration to md5 for test.
regards