eap-tls with a cisco phone
Christian Bösch
boesch at fhv.at
Wed Jul 22 15:01:25 CEST 2015
thanks alan.
it’s not freeradius related but might be interesting:
EAP-TLS is working with a Cisco 7841 (v03) but not working with the 7841 (v04)…?
so if someone has experience with that kind of phone it would be interesting.
chris
> On 20 Jul 2015, at 10:55 , Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:
>
> hi,
>
>> I’m trying to authenticate a Cisco IP Phone with 802.1X EAP-TLS.
>> I added the Cisco root certs to the CA file and the CN name from the
>> phone’s cert to the users file.
>
> dont need to do that - its EAP-TLS - so long as the server likes the client cert
> (use OSCP, CRL or the EAP-TLS-CHECK module if you wish to change access-accept
> policies.
>
> so long as the client has a cert known/trusted by the server...and the server has a cert from same CA
> and knows/trusts the CA, this pretty much works out of the box.
>
> reasons it might not work? usually its because the client has the wrong time - thus the cert isnt
> valid yet...or has expired..usually the former
>
> alan
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3493 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150722/0edeb621/attachment.bin>
More information about the Freeradius-Users
mailing list