Hi all,
Long time reader of the forums around CS1000/Nortel IP phones, finally registered and posting as I'm stuck.
Our security people want to enforce 802.1X port authentication on all switch ports.
We have Nortel IP 1120E phones with CS1000E and Cisco Networking.
Plan is to use Microsoft Network/Policy Server to provide RADIUS for 802.1X.
Have got all the client port authentication working perfectly and have now started on the phones.
Initially found they only supported EAP-MD5 which isn't supported on Windows 2008, althouhg can be enabled but not recommended as insecure.
Have upgraded the Firmware on the phones to enable EAP-PEAP and EAP-TLS.
Have loaded the root certificate onto the phone ok and configured the EAP username and password.
Have setup NPS for PEAP-MSCHAPv2.
The phones attempt to authenticate but the NPS server just gives the following error:
Error 262
The supplied message is incomplete. The signature was not verified.
All I can find on the above with Microsoft relates to clients not having the root Certificate installed but this is a phone and I've installed the root certificate through TFTP as per Nortel instructions and you can see the root certificate in the trusted certificates debug menus.
Any ideas on how to do this?
Next step is to try and install Network Device Enrollment Services MSCEP on the certificate server to allow the phones to obtain a device certificate but from what I've read this is only needed for EAP-TLS and I'm using PEAP.
Any suggestions very greatfully recieved.
Long time reader of the forums around CS1000/Nortel IP phones, finally registered and posting as I'm stuck.
Our security people want to enforce 802.1X port authentication on all switch ports.
We have Nortel IP 1120E phones with CS1000E and Cisco Networking.
Plan is to use Microsoft Network/Policy Server to provide RADIUS for 802.1X.
Have got all the client port authentication working perfectly and have now started on the phones.
Initially found they only supported EAP-MD5 which isn't supported on Windows 2008, althouhg can be enabled but not recommended as insecure.
Have upgraded the Firmware on the phones to enable EAP-PEAP and EAP-TLS.
Have loaded the root certificate onto the phone ok and configured the EAP username and password.
Have setup NPS for PEAP-MSCHAPv2.
The phones attempt to authenticate but the NPS server just gives the following error:
Error 262
The supplied message is incomplete. The signature was not verified.
All I can find on the above with Microsoft relates to clients not having the root Certificate installed but this is a phone and I've installed the root certificate through TFTP as per Nortel instructions and you can see the root certificate in the trusted certificates debug menus.
Any ideas on how to do this?
Next step is to try and install Network Device Enrollment Services MSCEP on the certificate server to allow the phones to obtain a device certificate but from what I've read this is only needed for EAP-TLS and I'm using PEAP.
Any suggestions very greatfully recieved.
