1x support, Certificates and private key information, 1x support -30 – AASTRA 6700i series, 9143, 9480i, 9480i CT SIP Administrator Guide EN User Manual

6-30

41-001343-01 Rev 03, Release 3.2.2

802.1x Support

The IP phones support the IEEE 802.1x protocol. The 802.1x protocol is a standard for passing

Extensible Authentication Protocol (EAP) over a wired or wireless Local Area Network (LAN).

The 802.1x protocol on the IP phone facilitates media-level access control, and offers the

capability to permit or deny network connectivity, control LAN access, and apply traffic policy,

based on user or endpoint identity. This feature supports both the EAP-MD5 and EAP-TLS

protocols.

If 802.1x on the phone is enabled, the following screen displays during startup of the phone.

If the 802.1x failed to authenticate with the server, the phone continues it's normal startup

process using DHCP. However, the network port on the phone may or may not be disabled,

depending on the switch configuration.

Certificates and Private Key Information

• If the certificates and private key are NOT stored in the phone:

— the phone connects to an open unauthenticated VLAN and the certificates are

downloaded.

or

— the phone connects using EAP-MD5 to a restricted VLAN and the certificates are

downloaded.

• If the certificates and private key ARE stored in the phone, the phone uses them during the

authentication process.

• If the phone uses EAP-TLS for successful authentication, after the phone reboots, it

downloads the latest certificates and private key files to the phone.

• The private key uses AES-128 to encrypt the private key file.

>> 10%
802.1x Authenticating....

>> 10%
802.1x Authenticating....

10%

802.1x Authenticating....

3-Line LCD Displays

8 and 11-Line LCD Displays

6739i Display