Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1058
Views
0
Helpful
0
Replies

Avaya 4600 IP phones dot1x authentication in ACS 5.1

horvaia
Level 1
Level 1

‎11-19-2010 01:52 AM - edited ‎02-21-2020 10:25 AM

Hello,

I am about to implementing dot1x in our LAN. I understood that I have to use multi-domain mode to get this work well if

I use ip phones and PCs attached after the phones.

I have Avaya 4600 phones which only supports EAP-MD5 authentication.

In Avaya documentation http://support.avaya.com/css/P8/documents/100013545 I have this: (page 96)

"The default ID is the MAC address of the telephone, converted to ASCII format without colon separators, and the default password is null.

Both the ID and password are set to defaults at manufacture. EAP-Response/Identity frames use the ID in the Type-Data field.
EAP-Response/MD5-Challenge frames use the password to compute the digest for the Value field, leaving the Name field blank."

I created the local user database on ACS 5.1 like this:

username: 00-04-0D-29-54-99 password: 00-04-0D-29-54-99

I did not setup any 802.1x password on the Avaya phones!!!!

And the authentication works with dot1x. (see the info from the switch below)

My question: if you have the similar environment how did you configure ACS 5.1 to authenticate the phones and what did you setup on the phones?

#sh authentication sessions interface fastEthernet 2/25
            Interface:  FastEthernet2/25
          MAC Address:  0011.2549.62e2
           IP Address:  Unknown
            User-Name:  SECSEC\SECSEC123
               Status:  Authz Success
               Domain:  DATA
       Oper host mode:  multi-domain
     Oper control dir:  both
        Authorized By:  Authentication Server
          Vlan Policy:  303
      Session timeout:  N/A
         Idle timeout:  N/A
    Common Session ID:  0A240205000003EE160E0420
      Acct Session ID:  0x00003BD6
               Handle:  0x610003EE

Runnable methods list:
       Method   State
       dot1x    Authc Success
       mab      Not run

----------------------------------------
            Interface:  FastEthernet2/25
          MAC Address:  0004.0d29.5499
           IP Address:  Unknown
            User-Name:  00040D295499
               Status:  Authz Success
               Domain:  VOICE
       Oper host mode:  multi-domain
     Oper control dir:  both
        Authorized By:  Authentication Server
          Vlan Policy:  902
      Session timeout:  N/A
         Idle timeout:  N/A
    Common Session ID:  0A240205000003ED16030CF4
      Acct Session ID:  0x00003BD5
               Handle:  0xE80003ED

Runnable methods list:
       Method   State
       dot1x    Authc Success
       mab      Not run

#

Thanks in advance,

Andras


Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents