Features in Release 2.2
RN-001029-00, Rev 06, Release 2.2 77
5i Series IP Phone Release Notes
Certificates and Private Key Information
• If the certificates and private key are NOT stored in the phone:
— the phone connects to an open unauthenticated VLAN and the certificates
are downloaded.
or
— the phone connects using EAP-MD5 to a restricted VLAN and the
certificates are downloaded.
• If the certificates and private key ARE stored in the phone, the phone uses
them during the authentication process.
• If the phone uses EAP-TLS for successful authentication, after the phone
reboots, it downloads the latest certificates and private key files to the phone.
• The private key uses AES-128 to encrypt the private key file.
• Switch Supplicant Mode - The switch supports the following 2 modes:
—Single supplicant - This mode enables the port once any machine
connected to this port is authenticated. For security reasons, the IP phone
has the option to disable the pass-through port.
—Multiple supplicants - Using this mode, the switch can support multiple
clients connected to same port. The switch distinguishes between the
clients based on their MAC address.
• Factory default and recovery mode deletes all certificates and private keys,
and sets the EAP type to disabled.
You can configure the 802.1x feature on the IP phone using the configuration
files, the IP Phone UI, or the Aastra Web UI.
Note: If configuring 802.1x using the IP Phone UI, the certificates
and private keys must already be configured and stored on the phone.
Use the configuration files or the Aastra Web UI to load certificates
and private keys.