Manualshelf

User's Manual

ManualsBrandsAvaya ManualsIP phonesSIP Software 3.1 for 1100 Series
271272273274275276277278279280
For more information, seeTrusted Root certificate on page 252.
If the IP Deskphone fails to authenticate to the RADIUS server or to install the required
certificates, the IP Deskphone displays a EAP Authenticate-Fail message, and the IP
Deskphone cannot access the network.
EAP Re-authentication
The re-authentication process proceeds in the background without disturbing the ongoing
operation of the IP Deskphone. If the re-authentication fails or times out, the IP Deskphone
becomes inoperable. Re-authentication interval is controlled by the Layer 2 switch re-
authentication interval parameter.
The minimum supported re-authentication interval when EAP-MD5 and EAP-PEAP are
configured is 10 seconds; for EAP-TLS, the minimum interval is 20 seconds.
EAP events
EAP Authentication failures are logged using Event 1033.
An example of a TLS authentication failure is as follows:
1033 [Minor][FRI MAY 15 13:48:06 2009][10223][n:/fw/build/../bsp/
vxWorks/common/dot
1x/Supplicant/moceap_tls.c:147] - EAP-TLS Failed to Authenticate
Provisioning configuration files download through HTTPS
HTTPS can be used to securely download provisioning configuration files on the IP Deskphone
using the following process.
1. The IP Deskphone can contact a provisioning server and download an 11xxeSIP.cfg
file to identify additional files and protocols used.
2. When a file is identified, and the protocol specified in the "protocol" parameter is
HTTPS, the IP Deskphone contacts the target server and negotiates a TLS
connection.
3. The IP Deskphone downloads the specified file and terminates the connection.
HTTP connection over TLS is established by using server or mutual
authentication.
HTTP connection over TLS is established by using single or mutual authentication.
EAP Re-authentication
SIP Software for Avaya 1100 Series IP Deskphones-Administration November 2012 275