Advanced Operational Features
6-32 41-001160-03, Rev 00, Releaes 2.4
IP Phone Administrator Guide
• If the certificates and private key ARE stored in the phone, the phone uses
them during the authentication process.
• If the phone uses EAP-TLS for successful authentication, after the phone
reboots, it downloads the latest certificates and private key files to the phone.
• The private key uses AES-128 to encrypt the private key file.
• Switch Supplicant Mode - The switch supports the following 2 modes:
— Single supplicant - This mode enables the port once any machine
connected to this port is authenticated. For security reasons, the IP phone
has the option to disable the pass-through port.
— Multiple supplicants - Using this mode, the switch can support multiple
clients connected to same port. The switch distinguishes between the
clients based on their MAC address.
• Factory default and recovery mode deletes all certificates and private keys,
and sets the EAP type to disabled.
You can configure the 802.1x feature on the IP phone using the configuration
files, the IP Phone UI, or the Aastra Web UI.
Note: If configuring 802.1x using the IP Phone UI, the certificates
and private keys must already be configured and stored on the phone.
Use the configuration files or the Aastra Web UI to load certificates
and private keys.
Draft 1