eap-tls with a cisco phone

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Mon Jul 20 10:55:42 CEST 2015


hi,

>I’m trying to authenticate a Cisco IP Phone with 802.1X EAP-TLS.
>I added the Cisco root certs to the CA file and the CN name from the
>phone’s cert to the users file.

don't need to do that - it's EAP-TLS - so long as the server likes the client cert
(use OCSP, CRL or the EAP-TLS-CHECK module if you wish to change access-accept
policies).

so long as the client has a cert known/trusted by the server...and the server has a cert from the same CA
and knows/trusts the CA, this pretty much works out of the box.

reasons it might not work? usually it's because the client has the wrong time - thus the cert isn't
valid yet...or has expired..usually the former

alan
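
The clock problem described in the reply above, as an added example that is not part of the original post: whoever validates a certificate compares its notBefore/notAfter with its own clock, so a device with an unset clock reports a good cert as "not yet valid". The certificate dates, clock readings and function names are constructed for illustration.

```python
import calendar
import ssl

# Constructed sample: `openssl x509 -noout -dates` output for a hypothetical
# RADIUS server certificate (dates are made up for this example).
SAMPLE_DATES = """\
notBefore=Jul  1 00:00:00 2015 GMT
notAfter=Jun 30 23:59:59 2016 GMT
"""

# Constructed clock readings (UTC) for the device doing the validation.
CLOCKS = {
    "unset": calendar.timegm((2000, 1, 1, 0, 0, 0)),     # assumed power-on default
    "correct": calendar.timegm((2015, 7, 20, 8, 55, 42)),
    "ahead": calendar.timegm((2017, 1, 1, 0, 0, 0)),
}


def parse_dates(text):
    """Return (not_before, not_after) as epoch seconds from openssl -dates output."""
    fields = dict(line.strip().split("=", 1)
                  for line in text.splitlines() if "=" in line)
    return (ssl.cert_time_to_seconds(fields["notBefore"]),
            ssl.cert_time_to_seconds(fields["notAfter"]))


def validity_at(text, clock_epoch):
    """Classify the cert as seen by a validator whose clock reads clock_epoch.

    Returns (status, seconds): time until the cert becomes valid, or time
    since it expired; 0 when the clock is inside the validity window.
    """
    not_before, not_after = parse_dates(text)
    if clock_epoch < not_before:
        return "not yet valid", not_before - clock_epoch
    if clock_epoch > not_after:
        return "expired", clock_epoch - not_after
    return "valid", 0


if __name__ == "__main__":
    for label, now in CLOCKS.items():
        status, seconds = validity_at(SAMPLE_DATES, now)
        print(f"clock {label}: {status} (off by {seconds // 86400} days)")
```
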


