Specifications
Phone Hardening Measures
A31003-D3000-P100-01-76A9, 10-2013
28 OpenStage and Desk Phone IP SIP V3, Security Checklist, Planning Guide
Secure Access to Network (Use IEEE 802.1x Access Control)
Related Topics
4.7 Secure Access to Network (Use IEEE 802.1x Access Control)
The customer has the option to enable IEEE 802.1x in the network and at the
phone by installing the appropriate certificates. This should be done in a secure
“staging” area.
Support of IEEE 802.1x provides means of authenticating and authorizing a
device attached to local area networks. For details and further information please
refer to
http://wiki.unify.com/images/a/ae/DLS_Certificate_Management_for_802_1x.pdf
http://wiki.unify.com/index.php/VoIP_Security
and
http://wiki.unify.com/images/2/23/IEEE_802.1X_Configuration_Management.pdf
Table: IEEE 902.1x enabling
Set LDAP Transport to
use TLS
Yes: No:
Customer Comments and
Reasons. If some mea-
sures are not executed
then please explain here.
CL- Enable 802.1x
Measures • Configure 802.1x options
• Install certificates onto the phone
• Check that 802.1x certificate policy is trusted
• Set MSCHAP-ID and password for PEAP mode
References
Can be done via DLS and enabling network for 802.1x (external switch con-
figuration)
Needed Access Rights Administrator
Executed
Configure 802.1x options Yes: No:
Load 802.1x phone Client
certificate onto the phone
for EAP-TLS mode
Yes: No:
CL-Secure phone
access to LDAP Server