cucm and ip phones

Vacheslav m_zouhairy at
Thu Sep 28 11:22:26 CEST 2017

Thanks for the valuable information,
 and  I have 3905, and it turns they use eap-md5 authentication. From the documentation, I understood that the shared secret is the one configured on the cisco nas, but it didn't work. Is it some other secret password and where is it configured?

-----Original Message-----
From: Boris Lytochkin [mailto:lytboris at] 
Sent: Monday, September 25, 2017 3:07 PM
To: FreeRadius users mailing list <freeradius-users at>; Vacheslav <m_zouhairy at>
Subject: Re: cucm and ip phones


>Cisco IP phones (all modern) have Manufacturer Installed Certificate (MIC) so you can authenticate them using EAP-TLS.
You need to import their crcam* cert chains into your FreeRADIUS installation from

On 25.09.2017 14:52, Vacheslav wrote:
> Peace, I configured my ip phones to use mab, but I read that with Radius it is possible to authenticate capable ip phones with tls.
> I searched the internet on how to do it but found almost nothing.
> Should I import the created self signed certificates from the freeradius server to the cucm? Or is that I have to export the cucm certificates to the cert directory of the freeradius server?
> Anyone has experience in configuring cucm with dot1x?
> -
> List info/subscribe/unsubscribe? See

Boris Lytochkin
Yandex NOC
+7 (495) 739 70 00 ext. 7671

More information about the Freeradius-Users mailing list