Manualshelf

User's Manual

ManualsBrandsAvaya ManualsIP DeskphonesAvaya SIP Software R4.3 SP2 for 1200 Series
251252253254255256257258259260
EAP-TLS
EAP-TLS allows the IP Deskphone to authenticate to the RADIUS server before the
IP
Deskphone can access the network. This procedure requires a user ID, root certificate, and
device certificate. The root and device certificates must be installed on the IP Deskphone
before using this feature. The customer root certificate can be installed using SCEP or SIP
configuration file. For more information, see
Root certificate installation on page 231 and Table
71: SCEP provisioning parameters on page 241.
The device certificate can be installed using one of two methods:
SCEP on page 239
PKCS 12 download on page 242
If the IP Deskphone fails to authenticate to the RADIUS server or to install the required
certificates, the IP Deskphone displays a "EAP Authenticate-Fail" message, and the
IP Deskphone cannot access the network.
EAP-PEAP
EAP-PEAP allows the IP Deskphone to authenticate to the RADIUS server before the
IP Deskphone can access the network. This procedure requires a user ID1, root certificate,
user ID2, and password. EAP-PEAP is the outer authentication protocol that requires a user
ID1 and root certificate to establish a TLS channel. EAP-MD5 is the inner authentication
protocol
that requires a user ID2 and password to pass through this channel in a secure mode.
The customer root certificate can be installed using SCEP or SIP configuration file. For more
information, see
Root certificate installation on page 231
.
If the IP Deskphone fails to authenticate to the RADIUS server or to install the required
certificates, the IP Deskphone displays a "EAP Authenticate-Fail" message, and the
IP Deskphone cannot access the network.
EAP Re-authentication
The re-authentication process proceeds in the background without disturbing the ongoing
operation of the IP Deskphone. If the re-authentication fails or times out, the IP Deskphone
becomes inoperable. Re-authentication interval is controlled by the Layer 2 switch re-
authentication interval parameter. The minimum supported re-authentication interval when
EAP-MD5 and EAP-PEAP are configured is 10 seconds; for EAP-TLS, the minimum interval
is 20 seconds.
EAP-TLS
SIP Software for Avaya 1200 Series IP Deskphones-Administration September 2013 257