Hello,
I am about to implementing dot1x in our LAN. I understood that I have to use multi-domain mode to get this work well if
I use ip phones and PCs attached after the phones.
I have Avaya 4600 phones which only supports EAP-MD5 authentication.
In Avaya documentation http://support.avaya.com/css/P8/documents/100013545 I have this: (page 96)
"The default ID is the MAC address of the telephone, converted to ASCII format without colon separators, and the default password is null.
Both the ID and password are set to defaults at manufacture. EAP-Response/Identity frames use the ID in the Type-Data field.
EAP-Response/MD5-Challenge frames use the password to compute the digest for the Value field, leaving the Name field blank."
I created the local user database on ACS 5.1 like this:
username: 00-04-0D-29-54-99 password: 00-04-0D-29-54-99
I did not setup any 802.1x password on the Avaya phones!!!!
And the authentication works with dot1x. (see the info from the switch below)
My question: if you have the similar environment how did you configure ACS 5.1 to authenticate the phones and what did you setup on the phones?
#sh authentication sessions interface fastEthernet 2/25
Interface: FastEthernet2/25
MAC Address: 0011.2549.62e2
IP Address: Unknown
User-Name: SECSEC\SECSEC123
Status: Authz Success
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 303
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A240205000003EE160E0420
Acct Session ID: 0x00003BD6
Handle: 0x610003EE
Runnable methods list:
Method State
dot1x Authc Success
mab Not run
----------------------------------------
Interface: FastEthernet2/25
MAC Address: 0004.0d29.5499
IP Address: Unknown
User-Name: 00040D295499
Status: Authz Success
Domain: VOICE
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 902
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A240205000003ED16030CF4
Acct Session ID: 0x00003BD5
Handle: 0xE80003ED
Runnable methods list:
Method State
dot1x Authc Success
mab Not run
#
Thanks in advance,
Andras