[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
802.1x with certificates - problems
Author Message
blind_oracle Offline
Junior Member
**

Posts: 4
Joined: May 2015
Reputation: 0
Post: #1
802.1x with certificates - problems
I've got a lot of Yealink phones (T22, T28 etc), Cisco Catalyst 2960-S switches and Cisco ISE as an authentication server.

And i'm trying to do 802.1x auth with the phones.
EAP-MD5 works fine, but i'm trying to make EAP-TLS/PEAP work.

I've uploaded the certificates (client, CA) to the test phone, ISE server's certificate was issued by the same CA:

Code:
network.802_1x.mode = 3
network.802_1x.identity = dot1x-client
network.802_1x.md5_password = xxx
network.802_1x.root_cert_url = http://voip.domain.ru/yealink/tls/ca-linux-2048.domain.ru.pem
network.802_1x.client_cert_url = http://voip.domain.ru/yealink/tls/dot1x-client.pem

If i enable 802.1x on port while the phone is online, it authenticates successfully and works fine. EAP-PEAP/EAP-TLS both work.

But if i reboot the phone, when it boots up again it cannot authenticate to the ISE any more:
Code:
12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate

If i disable 802.1x on port and re-enable it afterwards - it authenticates and works fine again.

I'm testing on T22P with latest FW 7.73.0.50, tried earlier versions too, same shit.

Glad to have any help.

ISE Log:
Code:
    11001     Received RADIUS Access-Request
      11017     RADIUS created a new session
      11049     Settings of RADIUS default network device will be used
      15049     Evaluating Policy Group
      15008     Evaluating Service Selection Policy
      15048     Queried PIP - Radius.Service-Type
      15048     Queried PIP - Radius.NAS-Port-Type
      15048     Queried PIP - Radius.NAS-IP-Address
      15004     Matched rule - Wired Dot1x
      11507     Extracted EAP-Response/Identity
      12300     Prepared EAP-Request proposing PEAP with challenge
      12625     Valid EAP-Key-Name attribute received
      11006     Returned RADIUS Access-Challenge
      11001     Received RADIUS Access-Request
      11018     RADIUS is re-using an existing session
      11049     Settings of RADIUS default network device will be used
      12302     Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated
      12319     Successfully negotiated PEAP version 1
      12800     Extracted first TLS record; TLS handshake started
      12805     Extracted TLS ClientHello message
      12806     Prepared TLS ServerHello message
      12807     Prepared TLS Certificate message
      12810     Prepared TLS ServerDone message
      12305     Prepared EAP-Request with another PEAP challenge
      11006     Returned RADIUS Access-Challenge
      11001     Received RADIUS Access-Request
      11018     RADIUS is re-using an existing session
      11049     Settings of RADIUS default network device will be used
      12304     Extracted EAP-Response containing PEAP challenge-response
      12305     Prepared EAP-Request with another PEAP challenge
      11006     Returned RADIUS Access-Challenge
      11001     Received RADIUS Access-Request
      11018     RADIUS is re-using an existing session
      11049     Settings of RADIUS default network device will be used
      12304     Extracted EAP-Response containing PEAP challenge-response
      12305     Prepared EAP-Request with another PEAP challenge
      11006     Returned RADIUS Access-Challenge
      11001     Received RADIUS Access-Request
      11018     RADIUS is re-using an existing session
      11049     Settings of RADIUS default network device will be used
      12304     Extracted EAP-Response containing PEAP challenge-response
      12319     Successfully negotiated PEAP version 1
      12815     Extracted TLS Alert message
      12321     PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate
      12307     PEAP authentication failed
      11504     Prepared EAP-Failure
      11003     Returned RADIUS Access-Reject

Phone's syslog:
Code:
Nov 10 00:00:00 syslogd started: BusyBox v1.10.3
Nov 10 00:00:01 RTSR[246]: ANY <0+emerg > RTSR log :sys=1,cons=0,time=0,E=3,W=4,N=5,I=6,D=7
Nov 10 00:00:01 RTSR[246]: ANY <0+emerg > ANY =5
Nov 10 00:00:01 RTSR[246]: ANY <0+emerg > RTSR log :sys=1,cons=1,time=0,E=3,W=4,N=5,I=6,D=7
Nov 10 00:00:01 RTSR[246]: ANY <0+emerg > ANY =3
May 21 00:00:05 Log [274]: ANY <0+emerg > Log  log :sys=1,cons=0,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:00:05 Log [274]: ANY <0+emerg > ANY =5
May 21 00:00:05 Log [274]: ANY <0+emerg > Log  log :sys=1,cons=0,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:00:05 Log [274]: ANY <0+emerg > ANY =3
May 21 00:00:08 AUTP[346]: ANY <0+emerg > AUTP log :sys=1,cons=1,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:00:08 AUTP[346]: ANY <0+emerg > ANY =3
May 21 00:00:08 AUTP[346]: AUTP<3+error > File Check Fail!
May 21 00:00:09 LLDP[352]: ANY <0+emerg > LLDP log :sys=1,cons=0,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:00:09 LLDP[352]: ANY <0+emerg > ANY =5
May 21 00:00:10 LLDP[352]: ANY <0+emerg > ANY =3
May 21 00:00:10 inetd[374]: /etc/inetd.conf: No such file or directory
May 21 00:00:12 SIP [372]: ANY <0+emerg > SIP log :sys=1,cons=0,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:00:12 SIP [372]: ANY <0+emerg > ANY =5
May 21 00:00:12 SIP [372]: ANY <0+emerg > [SIP] UA Build:[ (May  5 2014,08:12:27)-Release] Version:[ 7.3.0.6 ]
May 21 00:00:12 SIP [372]: SIP <5+notice> [SIP] sip phone type is:0
May 21 00:00:13 IPP[395]: ANY <0+emerg >413.116.973:IPP log :sys=1,cons=0,time=1,sock=0,E=3,W=4,N=5,I=6,D=7
May 21 00:00:13 IPP[395]: ANY <0+emerg >413.122.723:Version :12.1.90.0 for release (libsrtp)
May 21 00:00:13 IPP[395]: ANY <0+emerg >413.124.102:Built-at:Jun  2 2014,20:45:45. Using svn id NULL
May 21 00:00:13 IPP[395]: ANY <0+emerg >413.125.376:Logmode :0x00000005
May 21 00:00:13 IPP[395]: ANY <0+emerg >413.126.590:setting :memcheck=0,assert=0
May 21 00:00:13 IPP[395]: ANY <0+emerg >413.127.819:ANY =4
May 21 00:00:13 IPP[395]: ANY <0+emerg >413.130.178:ANY =5
May 21 00:00:13 IPP[395]: ANY <0+emerg >413.132.200:HW Ver  :5.0.0.61
May 21 00:00:15 TR9 [398]: ANY <0+emerg > TR9  log :sys=1,cons=0,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:00:15 TR9 [398]: ANY <0+emerg > ANY =5
May 21 00:00:15 TR9 [398]: ANY <0+emerg > ANY =3
May 21 00:00:15 IPP[395]: IPP <5+notice>415.367.689:PROF t22 v2
May 21 00:00:15 AUTP[401]: AUTP<3+error > Get Local IP fail
May 21 00:00:15 LIBD[346]: DANY<0+emerg > LIBD log :sys=1,cons=0,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:00:15 LIBD[346]: DANY<0+emerg > LIBD log :sys=1,cons=1,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:00:16 LIBD[346]: DANY<0+emerg > DANY=3
May 21 00:00:16 IPP[395]: IPP <4+warnin>416.575.163:unkown msg,00008001,00000000,00000000
May 21 00:00:17 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:17 LIBD[397]: DANY<0+emerg > LIBD log :sys=1,cons=0,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:00:17 IPP[395]: IPP <5+notice>417.912.433:OPEN_HEADSET_MODE:00000001 00000000
May 21 00:00:17 IPP[395]: IPP <5+notice>417.917.320:SET_VOLUNE:00000001 00000000
May 21 00:00:17 IPP[395]: IPP <5+notice>417.918.870:PLAY_LOCAL_DTMF:00000000 00000001
May 21 00:00:17 IPP[395]: IPP <5+notice>417.920.377:OPEN_HANDSET_MODE:00000001 00000000
May 21 00:00:17 IPP[395]: IPP <5+notice>417.924.857:OPEN_HANDFREE_MODE:00000001 00000000
May 21 00:00:18 IPP[395]: IPP <5+notice>418.014.563:SET_VOLUNE:00000001 0000000e
May 21 00:00:18 IPP[395]: IPP <5+notice>418.016.397:TALK_START:fffffffe 00000000
May 21 00:00:18 IPP[395]: IPP <5+notice>418.052.759:OPEN_HANDSET_MODE:00000001 00000000
May 21 00:00:18 IPP[395]: IPP <5+notice>418.055.527:SET_VOLUNE:00000001 0000000f
May 21 00:00:18 LIBD[257]: DANY<0+emerg > LIBD log :sys=1,cons=0,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:00:18 LIBD[257]: DANY<0+emerg > LIBD log :sys=1,cons=1,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:00:18 LIBD[257]: DANY<0+emerg > DANY=6
May 21 00:00:18 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:18 LIBD[257]: DCMN<6+info  > OK
May 21 00:00:18 LIBD[257]: DCMN<6+info  > verify advance
May 21 00:00:19 LIBD[257]: DCMN<6+info  > client cert
May 21 00:00:19 RTSR[257]: RTSR<3+error > com name yealinkgeneric
May 21 00:00:19 RTSR[257]: RTSR<3+error > Not the factory firmware!
May 21 00:00:19 RTSR[257]: RTSR<3+error > handle failed
May 21 00:00:19 IPP[395]: IPP <4+warnin>419.145.487:unkown msg,00002001,00000000,00000000
May 21 00:00:20 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:21 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:21 RTSR[432]: ANY <0+emerg > RTSR log :sys=1,cons=0,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:00:21 RTSR[432]: ANY <0+emerg > ANY =5
May 21 00:00:21 RTSR[432]: ANY <0+emerg > RTSR log :sys=1,cons=1,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:00:21 RTSR[432]: ANY <0+emerg > ANY =3
May 21 00:00:23 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:24 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:26 LDAP[397]: ANY <0+emerg > LDAP log :sys=1,cons=0,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:00:26 LDAP[397]: ANY <0+emerg > ANY =3
May 21 00:00:26 LDAP[397]: ANY <0+emerg > MEM =3
May 21 00:00:26 LDAP[397]: ANY <0+emerg > LDAP=3
May 21 00:00:26 LDAP[397]: LDAP<3+error > Init config! libldap Ver:3.0.1.7
May 21 00:00:26 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:27 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:29 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:30 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:31 RTSR[435]: ANY <0+emerg > RTSR log :sys=1,cons=0,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:00:31 RTSR[435]: ANY <0+emerg > ANY =5
May 21 00:00:31 RTSR[435]: ANY <0+emerg > RTSR log :sys=1,cons=1,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:00:31 RTSR[435]: ANY <0+emerg > ANY =3
May 21 00:00:32 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:33 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:34 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:35 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:36 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:38 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:39 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:40 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:41 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:42 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:43 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:44 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:45 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:46 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:47 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:48 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:49 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:50 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:51 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:52 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:53 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:54 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:55 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:56 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:57 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:58 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:00:59 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:00 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:01 RTSR[500]: ANY <0+emerg > RTSR log :sys=1,cons=0,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:01:01 RTSR[500]: ANY <0+emerg > ANY =5
May 21 00:01:01 RTSR[500]: ANY <0+emerg > RTSR log :sys=1,cons=1,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:01:01 RTSR[500]: ANY <0+emerg > ANY =3
May 21 00:01:01 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:02 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:03 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:04 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:05 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:06 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:07 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:08 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:09 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:10 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:12 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:13 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:14 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:15 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:16 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:17 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:18 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:19 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:20 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:21 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:22 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:23 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:24 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:25 RTSR[502]: ANY <0+emerg > RTSR log :sys=1,cons=0,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:01:25 RTSR[502]: ANY <0+emerg > ANY =5
May 21 00:01:25 RTSR[502]: ANY <0+emerg > RTSR log :sys=1,cons=1,time=0,E=3,W=4,N=5,I=6,D=7
May 21 00:01:25 RTSR[502]: ANY <0+emerg > ANY =3
May 21 00:01:25 AUTP[346]: AUTP<3+error > network isn't complete, sleep 1s!
May 21 00:01:25 IPP[395]: IPP <4+warnin>485.495.523:unkown msg,00002002,00000000,00000000
May 21 00:01:25 IPP[395]: IPP <4+warnin>485.516.322:unkown msg,00010005,00000000,00000000
May 21 00:01:25 IPP[395]: IPP <4+warnin>485.614.697:unkown msg,00010005,00000000,00000000
May 21 00:01:25 IPP[395]: IPP <4+warnin>485.713.597:unkown msg,00010010,030b010a,00000000
May 21 00:01:25 IPP[395]: IPP <4+warnin>485.823.882:unkown msg,00010100,00000000,00000000
May 21 00:01:25 IPP[395]: IPP <4+warnin>485.828.554:unkown msg,00002008,00000000,00000000
May 21 00:01:25 IPP[395]: IPP <4+warnin>485.854.183:unkown msg,00002007,00000000,00000000
May 21 00:01:25 IPP[395]: IPP <4+warnin>485.911.940:unkown msg,00002007,00000000,00000000
May 21 00:01:26 SIP [372]: SIP <5+notice> [SIP] ** Load phone context **
May 21 00:01:27 LIBD[346]: DANY<0+emerg > DANY=3
May 21 00:01:28 LIBD[346]: DCMN<3+error > the ca file file has existed in custom certs directory
May 21 00:01:28 AUTP[346]: AUTP<3+error > Upgrade Fial
May 21 00:01:29 syslog: web_upd.cpp(2750): pcHwVer=5.0.0.61
May 21 00:01:29 syslog: web_upd.cpp(971): mtd6 ver from update.cfg:7.72.14.6.-1.-1
May 21 00:01:29 syslog: web_upd.cpp(2815): nWebUpdHeadLen=29, nWebUpdSubHeadLen=11
May 21 00:01:29 syslog: web_upd.cpp(1807): firmware sw_protect=0, swver[2]:14--14
May 21 00:01:29 syslog: ^[[1;31mweb_err.cpp(33): Errcode=0x11ff, desc:partion 6 does not need update  ^[[0m
May 21 00:01:29 AUTP[346]: AUTP<3+error > Invalid rom header!
May 21 00:01:29 AUTP[346]: AUTP<3+error > errCode = 4607, errDesc = partion 6 does not need update
May 21 00:01:29 SIP [372]: SIP <5+notice> [SIP] ** Load OK **
May 21 00:01:29 SIP [372]: ANY <0+emerg > ANY =3
May 21 00:01:30 IPP[395]: IPP <4+warnin>490.284.473:unkown msg,000b0007,00000001,00000000
May 21 11:05:10 IPP[395]: IPP <4+warnin>310.633.772:unkown msg,00002006,00000000,00000000
May 21 11:05:10 IPP[395]: IPP <4+warnin>310.671.719:unkown msg,00002007,00000000,00000000
May 21 11:05:13 IPP[395]: IPP <4+warnin>313.700.166:unkown msg,00010006,00000000,00000001
May 21 11:05:14 IPP[395]: IPP <4+warnin>314.960.976:unkown msg,00010006,00000000,00000002
May 21 11:05:18 Log [335]: ANY <0+emerg > Log  log :sys=1,cons=0,time=0,E=3,W=4,N=5,I=6,D=7
May 21 11:05:18 Log [335]: ANY <0+emerg > ANY =3
esw0      Link encap:Ethernet  HWaddr 00:15:65:4E:24:91  
          inet addr:10.1.11.3  Bcast:10.255.255.255  Mask:255.255.254.0
          inet6 addr: fe80::215:65ff:fe4e:2491/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:483 errors:0 dropped:0 overruns:0 frame:0
          TX packets:441 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:265631 (259.4 KiB)  TX bytes:189439 (184.9 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

  PID USER       VSZ STAT COMMAND
    1 root      2808 S    init      
    2 root         0 SW   [ksoftirqd/0]
    3 root         0 SW<  [desched/0]
    4 root         0 SW<  [events/0]
    5 root         0 SW<  [khelper]
   10 root         0 SW<  [kthread]
   13 root         0 SW<  [kblockd/0]
   39 root         0 SW   [pdflush]
   40 root         0 SW   [pdflush]
   42 root         0 SW<  [aio/0]
   41 root         0 SW   [kswapd0]
   48 root         0 SW   [kseriod]
   60 root         0 SW   [mtdblockd]
   88 root         0 SW<  [IRQ 8]
   91 root         0 SW<  [IRQ 15]
  120 root         0 SW<  [kmkit]
  141 root         0 SWN  [jffs2_gcd_mtd4]
  211 root      2808 S    init      
  233 root         0 SW<  [IRQ 35]
  236 root      2808 S    /bin/sh /yealink/scripts/Net.sh
  238 root      7340 S    /yealink/bin/configServer.exx
  246 root     10532 S    /yealink/bin/rtServer.exx
  253 root      2268 S    /sbin/syslogd -S -O /tmp/Messages -s 200 -b1
  256 root     10532 S    /yealink/bin/rtServer.exx
  257 root     10532 S    /yealink/bin/rtServer.exx
  258 root     10532 S    /yealink/bin/rtServer.exx
  264 root      2808 S    /bin/sh /yealink/scripts/ScreenApp.sh
  274 root     18104 S    /yealink/bin/Screen.exe
  326 root      9004 S    /yealink/bin/dot1x.exe -B -i esw0 -c /yealink/config/
  330 root      6044 S    ./sbin/lighttpd -f /yealink/bin/lighttpd/config/light
  335 root     12176 S    /yealink/html/WEB-INFO/bin/fcgiServer.exx
  342 root      2808 S    /bin/sh /yealink/scripts/SipApp.sh
  343 root      2808 S    /bin/sh /yealink/scripts/VpmApp.sh
  344 root      8108 S    /yealink/bin/pcap.exx
  346 root     11924 S    /yealink/bin/autop.exe
  338 root      6888 S    /yealink/bin/lldpd &
  363 root     12176 S    /yealink/html/WEB-INFO/bin/fcgiServer.exx
  364 root     12176 S    /yealink/html/WEB-INFO/bin/fcgiServer.exx
  352 root      7400 S    /yealink/bin/lldpd &
  370 root         0 SW<  [IRQ 29]
  372 root     11656 S    /yealink/bin/sipServer.exx
  374 root      2808 S    /usr/sbin/inetd
  375 root      2808 S    /bin/sh /yealink/scripts/TR069.sh
  395 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  396 root     18104 S    /yealink/bin/Screen.exe
  397 root     18104 S    /yealink/bin/Screen.exe
  398 root     11168 S    /yealink/bin/tr069_client
  399 root     11924 S    /yealink/bin/autop.exe
  401 root     11924 S    /yealink/bin/autop.exe
  402 root     11168 S    /yealink/bin/tr069_client
  403 root     11168 S    /yealink/bin/tr069_client
  404 root     18104 S    /yealink/bin/Screen.exe
  407 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  408 root     18104 S    /yealink/bin/Screen.exe
  409 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  410 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  411 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  412 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  413 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  414 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  415 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  416 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  417 root     18104 S    /yealink/bin/Screen.exe
  418 root     18104 S    /yealink/bin/Screen.exe
  419 root         0 SW<  [IRQ 45]
  420 root     18104 S    /yealink/bin/Screen.exe
  421 root     18104 S    /yealink/bin/Screen.exe
  422 root     18104 S    /yealink/bin/Screen.exe
  423 root     18104 S    /yealink/bin/Screen.exe
  424 root     18104 S    /yealink/bin/Screen.exe
  426 root     18104 S    /yealink/bin/Screen.exe
  427 root     18104 S    /yealink/bin/Screen.exe
  428 root     18104 S    /yealink/bin/Screen.exe
  434 root     18104 S    /yealink/bin/Screen.exe
  437 root      2268 S    /sbin/udhcpc -b -i esw0 -a -s /yealink/bin/rtServer.e
  505 root     11168 S    /yealink/bin/tr069_client
  507 root     11168 S    /yealink/bin/tr069_client
  508 root     11656 S    /yealink/bin/sipServer.exx
  509 root     11656 S    /yealink/bin/sipServer.exx
  510 root     11656 S    /yealink/bin/sipServer.exx
  511 root     11656 S    /yealink/bin/sipServer.exx
  513 root     11656 S    /yealink/bin/sipServer.exx
  515 root      2808 S    sh -c cd /tmp;ifconfig >> Messages;ps >> Messages;tar
  517 root      2808 R    ps
esw0      Link encap:Ethernet  HWaddr 00:15:65:4E:24:91  
          inet addr:10.1.11.3  Bcast:10.255.255.255  Mask:255.255.254.0
          inet6 addr: fe80::215:65ff:fe4e:2491/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:638 errors:0 dropped:0 overruns:0 frame:0
          TX packets:481 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:284523 (277.8 KiB)  TX bytes:216619 (211.5 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

  PID USER       VSZ STAT COMMAND
    1 root      2808 S    init      
    2 root         0 SW   [ksoftirqd/0]
    3 root         0 SW<  [desched/0]
    4 root         0 SW<  [events/0]
    5 root         0 SW<  [khelper]
   10 root         0 SW<  [kthread]
   13 root         0 SW<  [kblockd/0]
   39 root         0 SW   [pdflush]
   40 root         0 SW   [pdflush]
   42 root         0 SW<  [aio/0]
   41 root         0 SW   [kswapd0]
   48 root         0 SW   [kseriod]
   60 root         0 SW   [mtdblockd]
   88 root         0 SW<  [IRQ 8]
   91 root         0 SW<  [IRQ 15]
  120 root         0 SW<  [kmkit]
  141 root         0 SWN  [jffs2_gcd_mtd4]
  211 root      2808 S    init      
  233 root         0 SW<  [IRQ 35]
  236 root      2808 S    /bin/sh /yealink/scripts/Net.sh
  238 root      7340 S    /yealink/bin/configServer.exx
  246 root     10532 S    /yealink/bin/rtServer.exx
  253 root      2268 S    /sbin/syslogd -S -O /tmp/Messages -s 200 -b1
  256 root     10532 S    /yealink/bin/rtServer.exx
  257 root     10532 S    /yealink/bin/rtServer.exx
  258 root     10532 S    /yealink/bin/rtServer.exx
  264 root      2808 S    /bin/sh /yealink/scripts/ScreenApp.sh
  274 root     18104 S    /yealink/bin/Screen.exe
  326 root      9004 S    /yealink/bin/dot1x.exe -B -i esw0 -c /yealink/config/
  330 root      6044 S    ./sbin/lighttpd -f /yealink/bin/lighttpd/config/light
  335 root     12176 S    /yealink/html/WEB-INFO/bin/fcgiServer.exx
  342 root      2808 S    /bin/sh /yealink/scripts/SipApp.sh
  343 root      2808 S    /bin/sh /yealink/scripts/VpmApp.sh
  344 root      8108 S    /yealink/bin/pcap.exx
  346 root     11924 S    /yealink/bin/autop.exe
  338 root      6888 S    /yealink/bin/lldpd &
  363 root     12176 S    /yealink/html/WEB-INFO/bin/fcgiServer.exx
  364 root     12176 S    /yealink/html/WEB-INFO/bin/fcgiServer.exx
  352 root      7400 S    /yealink/bin/lldpd &
  370 root         0 SW<  [IRQ 29]
  372 root     11656 S    /yealink/bin/sipServer.exx
  374 root      2808 S    /usr/sbin/inetd
  375 root      2808 S    /bin/sh /yealink/scripts/TR069.sh
  395 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  396 root     18104 S    /yealink/bin/Screen.exe
  397 root     18104 S    /yealink/bin/Screen.exe
  398 root     11168 S    /yealink/bin/tr069_client
  399 root     11924 S    /yealink/bin/autop.exe
  401 root     11924 S    /yealink/bin/autop.exe
  402 root     11168 S    /yealink/bin/tr069_client
  403 root     11168 S    /yealink/bin/tr069_client
  404 root     18104 S    /yealink/bin/Screen.exe
  407 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  408 root     18104 S    /yealink/bin/Screen.exe
  409 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  410 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  411 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  412 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  413 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  414 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  415 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  416 root      9880 S    /yealink/bin/ggsvca_ipp -q -w -m ANY=5
  417 root     18104 S    /yealink/bin/Screen.exe
  418 root     18104 S    /yealink/bin/Screen.exe
  419 root         0 SW<  [IRQ 45]
  420 root     18104 S    /yealink/bin/Screen.exe
  421 root     18104 S    /yealink/bin/Screen.exe
  422 root     18104 S    /yealink/bin/Screen.exe
  423 root     18104 S    /yealink/bin/Screen.exe
  424 root     18104 S    /yealink/bin/Screen.exe
  426 root     18104 S    /yealink/bin/Screen.exe
  427 root     18104 S    /yealink/bin/Screen.exe
  428 root     18104 S    /yealink/bin/Screen.exe
  434 root     18104 S    /yealink/bin/Screen.exe
  437 root      2268 S    /sbin/udhcpc -b -i esw0 -a -s /yealink/bin/rtServer.e
  505 root     11168 S    /yealink/bin/tr069_client
  507 root     11168 S    /yealink/bin/tr069_client
  508 root     11656 S    /yealink/bin/sipServer.exx
  509 root     11656 S    /yealink/bin/sipServer.exx
  510 root     11656 S    /yealink/bin/sipServer.exx
  511 root     11656 S    /yealink/bin/sipServer.exx
  513 root     11656 S    /yealink/bin/sipServer.exx
  519 root      2808 S    sh -c cd /tmp;ifconfig >> Messages;ps >> Messages;tar
  521 root      2808 R    ps

P.S.
I've got an idea that the phone's time is not correct at the time of bootup and it rejects the certificate because it's not yet valid. But how to overcome this?
(This post was last modified: 05-21-2015 08:53 PM by blind_oracle.)
05-21-2015 08:51 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
James_Yealink Offline
Administrator
*******

Posts: 1,159
Joined: Aug 2014
Reputation: 8
Post: #2
RE: 802.1x with certificates - problems
Hi,

I will check the issue with our R&D firstly.

Regards,
James
05-22-2015 05:36 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
blind_oracle Offline
Junior Member
**

Posts: 4
Joined: May 2015
Reputation: 0
Post: #3
RE: 802.1x with certificates - problems
There's no need, thanks. I've got to the root of the problem:
1. When the phone boots, it defaults it's time to 00:00:00 and date to the last date it knew (today)
2. It checks server certificate that was issued *today* too, but ,for example, at 12:00, so from the phone's perspective it's not yet valid.

So it's enough to wait 1 day for the date to move to the next day and it started to work fine.
05-22-2015 02:41 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
James_Yealink Offline
Administrator
*******

Posts: 1,159
Joined: Aug 2014
Reputation: 8
Post: #4
RE: 802.1x with certificates - problems
OK, Glad to hear that you have solved it.

Regards,
James
05-22-2015 09:24 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread:

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication