Add authentication port-control auto authentication violation protect On 02.10.2017 17:01, Vacheslav wrote:
Thanks for the reply, but I already figured it out. But I'm stuck with a problem in the switch. I opened a thread at cisco forums, but they haven't solved it, perhaps you can help? https://supportforums.cisco.com/t5/ip-telephony/802-1x-port-security-violati...
-----Original Message----- From: Boris Lytochkin [mailto:lytboris@yandex-team.ru] Sent: Friday, September 29, 2017 9:23 PM To: Vacheslav <m_zouhairy@skno.by>; 'FreeRadius users mailing list' <freeradius-users@lists.freeradius.org> Subject: Re: cucm and ip phones
Hi. In this case you need to configure eap module to authenticate those phones using md5 and supply password (that is configured on the phone) in control:Cleartext-Password attribute in authorize section of radiusd.conf before calling eap module. On 28.09.2017 12:22, Vacheslav wrote: Thanks for the valuable information, and I have 3905, and it turns they use eap-md5 authentication. From the documentation, I understood that the shared secret is the one configured on the cisco nas, but it didn't work. Is it some other secret password and where is it configured?
-----Original Message----- From: Boris Lytochkin [mailto:lytboris@yandex-team.ru] Sent: Monday, September 25, 2017 3:07 PM To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>; Vacheslav <m_zouhairy@skno.by> Subject: Re: cucm and ip phones
Hi.
Cisco IP phones (all modern) have Manufacturer Installed Certificate (MIC) so you can authenticate them using EAP-TLS. You need to import their crcam* cert chains into your FreeRADIUS installation from https://www.cisco.com/security/pki/
On 25.09.2017 14:52, Vacheslav wrote:
Peace, I configured my ip phones to use mab, but I read that with Radius it is possible to authenticate capable ip phones with tls. I searched the internet on how to do it but found almost nothing. Should I import the created self signed certificates from the freeradius server to the cucm? Or is that I have to export the cucm certificates to the cert directory of the freeradius server? Anyone has experience in configuring cucm with dot1x?
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Boris Lytochkin Yandex NOC +7 (495) 739 70 00 ext. 7671
-- Boris Lytochkin Yandex NOC +7 (495) 739 70 00 ext. 7671