I was able to configure EAP-TLS for our phones. Unfortunately, according to the ACS logs, both MIC and LSC rules do not match. The authentication matches the default rule (permit access), but the TLS handshake succeeded every time. Since I'm not an SSL/TLS guru, I assume the phone has a certificate.
To view the certificate installed on the phone I followed these instructions: https://supportforums.cisco.com/docs/DOC-25798. In the first step you trigger the "troubleshoot" from our CUCM. Unfortunately it does not generate anything under /cm/trace/capf/sdi.
So now my question is: what certificate does my 8961 use for EAP-TLS (MIC and LSC rules do not match, troubleshoot does not generate anything), and how can I view the certificate without capturing the traffic with tcpdump/Wireshark?