dgcorp
Junior Member
Posts: 4
Joined: Aug 2015
RE: T46g & T48G RADIUS 802.1x and SHA256
- Can Yealink acknowledge that there is a problem with 802.1x PEAP-MSCHAPv2 on the more recent ROMs and is anything being done to fix this?
I just found this forum thread and wanted to say that I'm seeing the same problems as Bigmac.
We are preparing to enable 802.1x across our wired network.
Planned 802.1x Auth Method = PEAP/MSCHAPv2
Switches are HP / Aruba
RADIUS is Win2012R2 Network Policy Server
CA Root is Win2012R2 Certificate Services.
Root Cert is Base64 PEM encoded (file ends in .cer) using SHA1 (not SHA256 I don't think)
Yealink T46 with ROM: 28.80.0.136 (provisioned by our supplier Teliqo)
I spent yesterday unable to get my test T46G phone to connect but it was just failing repeatedly, no matter what I adjusted in the RADIUS settings.
RADIUS logs error:
"Terminate Cause: Unexpected error. Possible error in server or client configuration." (most unhelpful I know)
Windows Security Log EventID 6273:
Reason Code: 23
Reason: An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
Windows System Log EventID 36887: (around the same time)
"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46."
-
I was starting to pull my hair out, until I thought to try an older ROM. Here are my results:
28.72.23.6 = PEAP works
28.80.0.95 = PEAP works
28.80.0.136 = does NOT work
28.81.0.25 = does NOT work
I saw a similar PCAP network trace as I think Bigmac posted, but I haven't analysed it in great detail.
Regards, Derek
02-13-2017 10:00 PM |
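Added example, not part of the original post: a Python sketch that pairs the two log entries quoted above, the NPS rejection (Event ID 6273) and the Schannel fatal alert (Event ID 36887), by timestamp and names the alert code. In the TLS alert registry, code 46 is `certificate_unknown`. The event records, timestamps, dictionary field names and the 5-second window are constructed for illustration; only the message wording follows the post.

```python
import re
from datetime import datetime, timedelta

# Subset of TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate",
              43: "unsupported_certificate", 44: "certificate_revoked",
              45: "certificate_expired", 46: "certificate_unknown",
              48: "unknown_ca", 70: "protocol_version"}

# Constructed sample events (hypothetical export format and timestamps).
SAMPLE_EVENTS = [
    {"time": "2017-02-13 09:14:02", "log": "System", "id": 36887,
     "message": "A fatal alert was received from the remote endpoint. "
                "The TLS protocol defined fatal alert code is 46."},
    {"time": "2017-02-13 09:14:03", "log": "Security", "id": 6273,
     "message": "Reason Code: 23 Reason: An error occurred during the Network "
                "Policy Server use of the Extensible Authentication Protocol (EAP)."},
    {"time": "2017-02-13 11:30:40", "log": "Security", "id": 6273,
     "message": "Reason Code: 16"},
]

ALERT_RE = re.compile(r"fatal alert code is (\d+)")
REASON_RE = re.compile(r"Reason Code:\s*(\d+)")

def _ts(event):
    return datetime.strptime(event["time"], "%Y-%m-%d %H:%M:%S")

def correlate(events, window_seconds=5):
    """Pair each NPS rejection (6273) with the nearest Schannel alert (36887)."""
    window = timedelta(seconds=window_seconds)
    alerts = []
    for e in events:
        m = ALERT_RE.search(e["message"]) if e["id"] == 36887 else None
        if m:
            alerts.append((_ts(e), int(m.group(1))))
    findings = []
    for e in events:
        m = REASON_RE.search(e["message"]) if e["id"] == 6273 else None
        if not m:
            continue
        t = _ts(e)
        near = [(abs(t - at), code) for at, code in alerts if abs(t - at) <= window]
        code = min(near)[1] if near else None  # closest alert in time, if any
        name = TLS_ALERTS.get(code, "unlisted") if code is not None else None
        findings.append({"time": e["time"], "reason_code": int(m.group(1)),
                         "tls_alert": code, "tls_alert_name": name})
    return findings

if __name__ == "__main__":
    for f in correlate(SAMPLE_EVENTS):
        print(f)
```

A rejection with no paired alert (the second 6273 in the sample) indicates the failure did not coincide with a TLS alert from the peer, which helps separate certificate-handling failures from credential failures when triaging.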