08-20-2015 12:18 AM - last edited on 03-25-2019 08:36 PM by ciscomoderator
Hi,
I have some 7841 IP Phones which authenticate over 802.1X (EAP-TLS with the Manufactured Installed Certificate with FreeRadius).
Now we bought some additional ones which do not work with the same config.
I realized that the "old" ones have V03 at the end and the "new" ones V04. So what is the difference in that, that authentication does not work for the same type of phone?
Regards,
Chris
08-20-2015 02:56 AM
Hi,
When you say they don't work, are you referring to dot1x authentication failing? Can you confirm that the certificate on the new phones has the same details as the old phones?
Also, what error do you see on the Radius server?
08-24-2015 06:18 AM
Hi Mohammed,
I guess the new phones have other root certificates?
I have trusted the Cisco Root CA and the Cisco Manufacturing CA, which seems enough for the old phones. I found some hints that there are also a CAP-RTP-001 and a CAP-RTP-002 certificate to trust. But as our CallManager is outsourced I don't know where to get these certs. I haven't found them online to download.
chris
08-24-2015 07:14 AM
CMPlatform -> Security -> Certificate Monitor. I've got ones in both Callmanager-trust and CAPF-Trust
GTG
08-24-2015 11:26 PM
As our Callmanager is outsourced and 3rd party hosted, I'm not able to access these certs. Can you post them or send them by email?
08-25-2015 12:35 AM
Your CUCM Administrator should be able to email them to you.
GTG
08-24-2015 07:15 AM
Can you tell me what you did to get this to work, please? Working with my local 802.1x guru, we failed to get this to work. (We were following advice from TAC but we weren't 100% convinced TAC were correct....)
GTG
08-24-2015 11:23 PM
I set up FreeRadius to do EAP-TLS (no special config), and included the Cisco Root CAs in the CA_file. Feel free to contact me with any more questions.
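A way to test the suspicion raised in this thread (a device certificate issued by a CA that is missing from the RADIUS server's CA_file), added here as an example and not part of any poster's message. It uses only throwaway test CAs and device certificates generated with `openssl`; every CA name, device name and file name in it is constructed, and which CA actually issued the V04 phones' certificates is not something the thread confirms.

```shell
#!/usr/bin/env bash
# Constructed demo: does a RADIUS trust bundle (the FreeRADIUS CA_file) chain a
# given device certificate? All names are made up; no real Cisco certs are used.
WORK=$(mktemp -d)

# make_ca NAME: create a self-signed test CA (NAME.key / NAME.pem) in $WORK
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# make_leaf NAME CA: issue device certificate NAME.pem signed by test CA
make_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
    -CAcreateserial -days 1 -out "$WORK/$1.pem" 2>/dev/null
}

# chains_to BUNDLE CERT: succeeds only if CERT verifies against BUNDLE
chains_to() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# issuer_of CERT: print the issuer DN, i.e. the CA the bundle must contain
issuer_of() {
  openssl x509 -in "$1" -noout -issuer
}

# Assumed scenario: two hardware revisions whose certs come from different CAs
make_ca "Test-Mfg-CA-old"
make_ca "Test-Mfg-CA-new"
make_leaf "phone-V03" "Test-Mfg-CA-old"
make_leaf "phone-V04" "Test-Mfg-CA-new"
cp "$WORK/Test-Mfg-CA-old.pem" "$WORK/ca_bundle.pem"   # bundle trusts the old CA only

for p in phone-V03 phone-V04; do
  if chains_to "$WORK/ca_bundle.pem" "$WORK/$p.pem"; then
    echo "$p: chains to bundle"
  else
    echo "$p: NOT trusted; $(issuer_of "$WORK/$p.pem")"
  fi
done

# Append the missing issuer to the bundle, then re-check the failing device
cat "$WORK/Test-Mfg-CA-new.pem" >> "$WORK/ca_bundle.pem"
chains_to "$WORK/ca_bundle.pem" "$WORK/phone-V04.pem" && echo "phone-V04: chains after update"
```

Against a real deployment, the same `issuer_of` and `chains_to` checks would be run on the certificate a failing phone presents and on the server's actual CA_file.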