Deploying EAP-TLS on phones running without any type of 802.1x authentication
Before you begin
Configure the Layer 2 switches to which you attach the phones running without any type of 802.1x authentication, so that the switches do not support EAP-TLS on the ports to which the phones are attached.
Procedure
1. Clear the phones and then, in the 46xxsettings.txt file, turn off supplicant operation by making the following entry: SET DOT1XSTAT 0.
2. Modify the upgrade.txt file to point to the location of the H.323 Release 6.2 Service Pack 1 files.
3. Modify the settings file to incorporate the following SCEP parameters as appropriate: MYCERTURL, MYCERTWAIT, MYCERTRENEW and, if needed, MYCERTDN.
4. Reboot the phone and ensure that the phone upgrades to H.323 Release 6.2 Service Pack 1. The phone starts the certificate enrollment process automatically by sending a SCEP request to MYCERTURL.
5. Monitor the CA to check whether all the phones that the system has upgraded have enrolled their certificates with the CA.
Note:
If you administer the CA to require manual approval of certificate requests, the phone takes a minimum of two minutes to download the identity certificate after the CA approves the request. Therefore, do not reboot the phones until at least two minutes after approving the certificate enrollment request. If certificate enrollment is automatic, the process takes less time than manual enrollment.
6. Administer the RADIUS server to accept the identity certificates provided by the phones.
7. Change the 46xxsettings.txt file to turn on 802.1x authentication by setting DOT1XSTAT to a value of 1 or 2.
8. Set the EAP authentication method to TLS by setting SET DOT1XEAPS TLS in the 46xxsettings.txt file.
9. Configure the Layer 2 switches to which you have attached these phones to support EAP-TLS on the ports to which you have attached the phones.
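The two states of the 46xxsettings.txt file that the procedure moves between, as an added example that is not taken from this Avaya document or from the sample settings file Avaya ships: phase 1 (steps 1 and 3) runs the phone with the supplicant off while it enrolls over SCEP on ports that do not yet demand 802.1x; phase 2 (steps 7 and 8) turns the supplicant back on with EAP-TLS once step 5 has confirmed that every phone holds a certificate. The parameter names and the DOT1XSTAT/DOT1XEAPS values are the ones the procedure cites; the URL, the DN and the MYCERTWAIT and MYCERTRENEW values are placeholders and assumptions chosen for illustration, not values from this document, so check them against the parameter reference before use.

```text
## --- Phase 1: enrollment (steps 1 and 3) ---
## Supplicant off: the phone must reach the SCEP server while the
## switch ports still pass traffic without 802.1x (step 4 depends on it).
SET DOT1XSTAT 0
## SCEP enrollment parameters. The URL is a placeholder; replace it
## with your CA's SCEP endpoint.
SET MYCERTURL http://scep.example.com/scep
## Assumed value: wait for the CA to issue the certificate before
## continuing; matters when the CA requires manual approval (see Note).
SET MYCERTWAIT 1
## Assumed value: start renewal at 90% of the certificate lifetime.
SET MYCERTRENEW 90
## Placeholder subject fields; set only if your CA needs them (step 3).
SET MYCERTDN /C=US/O=Example/OU=Deskphones

## --- Phase 2: enforcement (steps 7 and 8), applied only after step 5
## confirms that all upgraded phones have enrolled ---
## Supplicant on (1 or 2, per step 7) and EAP method TLS (step 8).
SET DOT1XSTAT 1
SET DOT1XEAPS TLS
## The SCEP parameters stay in place so that the periodic renewal
## described under Result keeps working.
SET MYCERTURL http://scep.example.com/scep
SET MYCERTWAIT 1
SET MYCERTRENEW 90
SET MYCERTDN /C=US/O=Example/OU=Deskphones
```

The settings file controls only the phone side; the matching switch-port changes (no EAP-TLS in phase 1, EAP-TLS in phase 2) are steps 4 and 9 of the procedure and must be sequenced with the file change, because a phone whose supplicant is off cannot answer an EAPOL challenge and a port that already enforces 802.1x will block its SCEP request.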
Result
The switches prompt the phones to authenticate using EAP-TLS, and the phones authenticate using the enrolled certificates. After setup completes, the phones maintain the configuration across restarts and upgrades. Depending on the value of MYCERTRENEW, the phones periodically try to renew their certificate enrollment. The administrator must monitor pending enrollments.
Related links
EAP-TLS support for authentication on page 105
Administering Deskphone Options
March 2018 Administering Avaya 9608/9608G/9611G/9621G/9641G/9641GS IP Deskphones H.323 109
Comments on this document? infodev@avaya.com