Aastra Telecom REV 06 User Manual

Features in Release 2.2

RN-001029-00, Rev 06, Release 2.2

77

5i Series IP Phone Release Notes

Certificates and Private Key Information

•

If the certificates and private key are NOT stored in the phone:

— the phone connects to an open unauthenticated VLAN and the certificates

are downloaded.
or

— the phone connects using EAP-MD5 to a restricted VLAN and the

certificates are downloaded.

•

If the certificates and private key ARE stored in the phone, the phone uses
them during the authentication process.

•

If the phone uses EAP-TLS for successful authentication, after the phone
reboots, it downloads the latest certificates and private key files to the phone.

•

The private key uses AES-128 to encrypt the private key file.

•

Switch Supplicant Mode - The switch supports the following 2 modes:

— Single supplicant - This mode enables the port once any machine

connected to this port is authenticated. For security reasons, the IP phone
has the option to disable the pass-through port.

— Multiple supplicants - Using this mode, the switch can support multiple

clients connected to same port. The switch distinguishes between the
clients based on their MAC address.

•

Factory default and recovery mode deletes all certificates and private keys,
and sets the EAP type to disabled.

You can configure the 802.1x feature on the IP phone using the configuration
files, the IP Phone UI, or the Aastra Web UI.

Note:

If configuring 802.1x using the IP Phone UI, the certificates

and private keys must already be configured and stored on the phone.
Use the configuration files or the Aastra Web UI to load certificates
and private keys.