T46g & T48G RADIUS 802.1x and SHA256

[Bigmac]

Hi Guys,

In the past, the RADIUS Authentication 802.1x worked beautifully with the Yealink T46g & T48G Phones.

Now we create a new CA Root Certificate.
The old certificate was encrypted with SHA1 and that new with SHA256.
Since the authentication stops working.

On the phones is the latest firmware 30.80.0.95.
CA Certificate = SHA265, 2048 bits, BASE64 export.

Is there not SHA256 encryption support for 802.1x by this Phones?

Thanks for the help,
Torsten

[Karl_Yealink]

You can get help from the guide:
http://support.yealink.com/attachmentDow...V80_60.pdf

[Bigmac]

Hi Karl,

thanks for your answer.
These instructions I already know - but it does not help.
When T46G works authentication only when the phone has received an IP already in the network, and subsequently the authentication is turned on the switch.
After restarting the T46G Phone the authentication fails.

At T48G it does not work at all.

As already said, certificate with the SHA1 it has always worked.

Does somebody has any idea?

Thanks and regards,
Torsten

[Karl_Yealink]

Hi Torsten,

I have clients use the CA encrypted with sha256, and it can work normally in V80 version.

Can you try other 802.1x Mode to test again?
And check the time of CA, will it out of date?

If it still can't work, please help us to get the syslog, we can check something from them.
You can know how to do from the FAQ: http://support.yealink.com/faq/faqInfo?id=311

[Bigmac]

(03-11-2016 03:47 AM)Yealink_Karl Wrote:  Hi Torsten,

I have clients use the CA encrypted with sha256, and it can work normally in V80 version.

Can you try other 802.1x Mode to test again?
And check the time of CA, will it out of date?

If it still can't work, please help us to get the syslog, we can check something from them.
You can know how to do from the FAQ: http://support.yealink.com/faq/faqInfo?id=311

Hi Karl,

Thanks for help me.

MD5 works fine, bit isn't save.
The Phone doesn't accept the CA-Cert from RADIUS (please see picture in Attachments)

Best regards,
Torsten

[Karl_Yealink]

Would you please mind send the CA-Cert and syslog to me.
I will sumbit this problem to our R&D to do an anaylze.
If you don't want to make the info public, you can send a email to me(karl@yealink.com)

Note that you need to tell me the forum link in the email, so I can know the detail problem.

[Bigmac]

Hi Karl,

When I take a new T46G (freshly unpacked) and install it through the provisioning, the 802.1x RADIUS with SHA256 Cert works immediately.
On phones that had previously installed the old SHA1 Cert it does not work after changing to the new SHA256 Cert.

If the old Cert not clean from memory?
Or still exist entries for the old cert?
(Back to Factory defaults dosn't help)

BR,
Torsten

[Karl_Yealink]

Suggest that you can upgrade the firmware again and reset the phone then test again.
You can download the latest firmware from the link: http://support.yealink.com/documentFront...ateId=1313

[Bigmac]

Hi Karl,

Thanks for your answer.

The status of my tests:
A new T46G (fresh out of the package) with firmware 28.80.0.95 works with 802.1x & SHA256

A new T48G (fresh out of the package) with firmware 35.80.0.95 does not work with 802.1x & SHA256
-> Back to firmware 35.80.0.70 and behold - it works.

Fixed: (Used T48G (previously with SHA1 certificate) does not work, no matter what firmware is installed. Reset and installing firmware not change anything.)
-> Factory defaults by Menu on Phone has fix the problem.

Only problem with the firmware 35.80.0.95 on the T48G persists.
The firmware 35.80.0.70 works fine.

Best regards,
Torsten

[Karl_Yealink]

Hi Torsten,

Suggest that you can use the 35.80.0.70 right now.
I will submit this issue to our R&D to know.
Thank you for your info.