• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

I have been trying to get my phones to authenticate using 8021.x eap-tls for a couple of weeks now without success.   I can get my laptop to authenticate on the same port without issue.

 

Here is the configuration from the phone.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Application SIP Finlay 5.6.0.17325 09-Jul-17 01:33 -->
<!-- Created 15-10-2021 15:05 -->
<PHONE_CONFIG>
<!-- Note: The following parameters have been excluded from the export:
device.auth.localUserPassword=""
device.tr069.cpe.password=""
device.tr069.acs.password=""
device.pacfile.password=""
device.net.dot1x.password=""
device.prov.lyncDeviceUpdatePassword=""
device.auth.localAdminPassword=""
device.logincred.password=""
device.prov.password=""
-->
<DEVICE_SETTINGS
device.set="1"
device.auth.localUserPassword.set="0"
device.tr069.cpe.password.set="0"
device.tr069.acs.password.set="0"
device.pacfile.password.set="0"
device.net.dot1x.password.set="0"
device.prov.lyncDeviceUpdatePassword.set="0"
device.auth.localAdminPassword.set="0"
device.logincred.pin.set="0"
device.logincred.pin=""
device.logincred.password.set="0"
device.prov.password.set="0"
device.baseProfile.set="1"
device.baseProfile="Generic"
device.prov.serverType.set="1"
device.prov.serverType="HTTP"
device.dhcp.enabled.set="1"
device.dhcp.enabled="1"
device.net.enabled.set="1"
device.net.enabled="1"
device.net.ipAddress.set="1"
device.net.ipAddress="0.0.0.0"
device.net.subnetMask.set="1"
device.net.subnetMask="255.0.0.0"
device.net.IPgateway.set="1"
device.net.IPgateway="0.0.0.0"
device.net.ipStack.set="1"
device.net.ipStack="V4Only"
device.net.preferredNetwork.set="1"
device.net.preferredNetwork="V6"
device.net.ipv6AddrDisc.set="1"
device.net.ipv6AddrDisc="DHCP"
device.net.ipv6PrivacyExtension.set="1"
device.net.ipv6PrivacyExtension="EUI64"
device.net.ipv6Address.set="1"
device.net.ipv6Address="::"
device.net.ipv6ULAAddress.set="1"
device.net.ipv6ULAAddress="::"
device.net.ipv6LinkAddress.set="1"
device.net.ipv6LinkAddress="::"
device.net.ipv6Gateway.set="1"
device.net.ipv6Gateway="::"
device.net.vlanId.set="1"
device.net.vlanId=""
device.net.cdpEnabled.set="1"
device.net.cdpEnabled="1"
device.net.lldpEnabled.set="1"
device.net.lldpEnabled="1"
device.net.lldpCapabilitiesRequired.set="1"
device.net.lldpCapabilitiesRequired="1"
device.net.lldpFastStartCount.set="1"
device.net.lldpFastStartCount="5"
device.net.etherVlanFilter.set="1"
device.net.etherVlanFilter="1"
device.net.etherStormFilter.set="1"
device.net.etherStormFilter="1"
device.net.etherStormFilterPpsValue.set="1"
device.net.etherStormFilterPpsValue="38"
device.net.icmp.echoRepliesMask.set="1"
device.net.icmp.echoRepliesMask="1"
device.net.etherModeLAN.set="1"
device.net.etherModeLAN="Auto"
device.net.etherModePC.set="1"
device.net.etherModePC="Auto"
device.dhcp.dhcpVlanDiscUseOpt.set="1"
device.dhcp.dhcpVlanDiscUseOpt="Fixed"
device.dhcp.dhcpVlanDiscOpt.set="1"
device.dhcp.dhcpVlanDiscOpt="129"
device.dhcp.dhcpv6VlanDiscOpt.set="1"
device.dhcp.dhcpv6VlanDiscOpt="1"
device.dhcp.bootSrvUseOpt.set="1"
device.dhcp.bootSrvUseOpt="CustomAndDefault"
device.dhcp.bootSrvOpt.set="1"
device.dhcp.bootSrvOpt="160"
device.dhcp.bootSrvOptType.set="1"
device.dhcp.bootSrvOptType="String"
device.dhcp.option60Type.set="1"
device.dhcp.option60Type="ASCII"
device.prov.upgradeServer.set="1"
device.prov.upgradeServer=""
device.prov.serverName.set="1"
device.prov.serverName="http://provision.omnity.biz"
device.prov.user.set="1"
device.prov.user=""
device.prov.redunAttemptLimit.set="1"
device.prov.redunAttemptLimit="3"
device.prov.redunInterAttemptDelay.set="1"
device.prov.redunInterAttemptDelay="1"
device.prov.maxRedunServers.set="1"
device.prov.maxRedunServers="8"
device.prov.AutoProvEnabled.set="1"
device.prov.AutoProvEnabled="0"
device.prov.networkEnvironment.set="1"
device.prov.networkEnvironment="1"
device.prov.tagSerialNo.set="1"
device.prov.tagSerialNo="0"
device.cma.mode.set="1"
device.cma.mode="Disabled"
device.cma.serverName.set="1"
device.cma.serverName=""
device.cma.disableTlsForDebug.set="1"
device.cma.disableTlsForDebug="0"
device.ntlm.versionMode.set="1"
device.ntlm.versionMode="v2"
device.logincred.user.set="1"
device.logincred.user=""
device.logincred.domain.set="1"
device.logincred.domain=""
device.logincred.extension.set="1"
device.logincred.extension=""
device.sec.TLS.OCSP.enabled.set="1"
device.sec.TLS.OCSP.enabled="0"
device.sec.TLS.FIPS.enabled.set="1"
device.sec.TLS.FIPS.enabled="0"
device.sec.TLS.protocol.dot1x.set="1"
device.sec.TLS.protocol.dot1x="TLSv1_2"
device.sec.TLS.protocol.syslog.set="1"
device.sec.TLS.protocol.syslog="TLSv1_0"
device.sec.TLS.protocol.prov.set="1"
device.sec.TLS.protocol.prov="TLSv1_0"
device.sec.TLS.profile.cipherSuiteDefault1.set="1"
device.sec.TLS.profile.cipherSuiteDefault1="0"
device.sec.TLS.profile.cipherSuite1.set="1"
device.sec.TLS.profile.cipherSuite1="ALL:!aNULL:!eNULL:!DSS:!SEED:!ECDSA:!IDEA:!MEDIUM:!LOW:!EXP:!DH:!AECDH:!PSK:!SRP:!MD5:!RC4:@STRENGTH"
device.sec.TLS.profile.caCertList1.set="1"
device.sec.TLS.profile.caCertList1="All"
device.sec.TLS.profile.deviceCert1.set="1"
device.sec.TLS.profile.deviceCert1="Platform1"
device.sec.TLS.profile.cipherSuiteDefault2.set="1"
device.sec.TLS.profile.cipherSuiteDefault2="1"
device.sec.TLS.profile.cipherSuite2.set="1"
device.sec.TLS.profile.cipherSuite2=""
device.sec.TLS.profile.caCertList2.set="1"
device.sec.TLS.profile.caCertList2="All"
device.sec.TLS.profile.deviceCert2.set="1"
device.sec.TLS.profile.deviceCert2="Platform2"
device.sec.TLS.syslog.strictCertCommonNameValidation.set="1"
device.sec.TLS.syslog.strictCertCommonNameValidation="1"
device.sec.TLS.profileSelection.syslog.set="1"
device.sec.TLS.profileSelection.syslog="PlatformProfile1"
device.sec.TLS.prov.strictCertCommonNameValidation.set="1"
device.sec.TLS.prov.strictCertCommonNameValidation="1"
device.sec.TLS.profileSelection.provisioning.set="1"
device.sec.TLS.profileSelection.provisioning="PlatformProfile1"
device.sec.TLS.dot1x.strictCertCommonNameValidation.set="1"
device.sec.TLS.dot1x.strictCertCommonNameValidation="0"
device.sec.TLS.profileSelection.dot1x.set="1"
device.sec.TLS.profileSelection.dot1x="PlatformProfile1"
device.sec.coreDumpEncryption.enabled.set="1"
device.sec.coreDumpEncryption.enabled="1"
device.syslog.serverName.set="1"
device.syslog.serverName=""
device.syslog.transport.set="1"
device.syslog.transport="UDP"
device.syslog.facility.set="1"
device.syslog.facility="16"
device.syslog.renderLevel.set="1"
device.syslog.renderLevel="4"
device.syslog.prependMac.set="1"
device.syslog.prependMac="0"
device.sntp.serverName.set="1"
device.sntp.serverName=""
device.sntp.gmtOffset.set="1"
device.sntp.gmtOffset="0"
device.sntp.gmtOffsetcityID.set="1"
device.sntp.gmtOffsetcityID="37"
device.dns.serverAddress.set="1"
device.dns.serverAddress="0.0.0.0"
device.dns.altSrvAddress.set="1"
device.dns.altSrvAddress="0.0.0.0"
device.dns.domain.set="1"
device.dns.domain=""
device.hostname.set="1"
device.hostname=""
device.em.power.set="1"
device.em.power="1"
device.prov.ztpEnabled.set="1"
device.prov.ztpEnabled="0"
device.prov.curlPartialFileError.enabled.set="1"
device.prov.curlPartialFileError.enabled="0"
device.prov.lyncDeviceUpdateEnabled.set="1"
device.prov.lyncDeviceUpdateEnabled="0"
device.prov.lyncDeviceUpdateUser.set="1"
device.prov.lyncDeviceUpdateUser=""
device.prov.lyncDeviceUpdateDomain.set="1"
device.prov.lyncDeviceUpdateDomain=""
device.prov.lyncDeviceUpdateExtension.set="1"
device.prov.lyncDeviceUpdateExtension=""
device.prov.lyncDeviceUpdatePin.set="1"
device.prov.lyncDeviceUpdatePin=""
device.prov.lyncDeviceUpdateCredentialType.set="1"
device.prov.lyncDeviceUpdateCredentialType="1"
device.net.dot1x.enabled.set="1"
device.net.dot1x.enabled="1"
device.net.dot1x.method.set="1"
device.net.dot1x.method="EAP-TLS"
device.net.dot1x.identity.set="1"
device.net.dot1x.identity="nadmin"
device.net.dot1x.anonid.set="1"
device.net.dot1x.anonid=""
device.net.dot1x.eapFastInBandProv.set="1"
device.net.dot1x.eapFastInBandProv="0"
device.ipv6.icmp.genDestUnreachable.set="1"
device.ipv6.icmp.genDestUnreachable="1"
device.ipv6.icmp.echoReplies.set="1"
device.ipv6.icmp.echoReplies="1"
device.ipv6.icmp.ignoreRedirect.set="1"
device.ipv6.icmp.ignoreRedirect="1"
device.ipv6.icmp.txRateLimiting.set="1"
device.ipv6.icmp.txRateLimiting="1000"
device.feature.tr069.enabled.set="1"
device.feature.tr069.enabled="0"
device.tr069.acs.url.set="1"
device.tr069.acs.url=""
device.tr069.acs.username.set="1"
device.tr069.acs.username="PlcmSpIp"
device.tr069.cpe.username.set="1"
device.tr069.cpe.username="PlcmSpIp"
device.tr069.periodicInform.enabled.set="1"
device.tr069.periodicInform.enabled="0"
device.tr069.periodicInform.interval.set="1"
device.tr069.periodicInform.interval="18000"
device.tr069.upgradesManaged.enabled.set="1"
device.tr069.upgradesManaged.enabled="0"
device.tr069.upgradeUrl.set="1"
device.tr069.upgradeUrl=""
device.tr069.upgradeStatus.set="1"
device.tr069.upgradeStatus="DontUpgrade"
device.auxPort.enable.set="1"
device.auxPort.enable="1"
device.theme.set="1"
device.theme="Classic"
device.spProfile.set="1"
device.spProfile="Default"
device.serial.enable.set="1"
device.serial.enable="1"
device.sec.TLS.customCaCert1.set="1"
device.sec.TLS.customCaCert1="certificate removed"
/>
</PHONE_CONFIG>

When I run a packet capture for the phone while it is connecting I get the following.

Extensible Authentication Protocol

   Code: Response (2)

   Id: 2

   Length: 6

   Type: Legacy Nak (Response Only) (3)

   Desired Auth Type: Unknown (0)

 

Type should be eap-tls

 

I am not sure what I am doing wrong.  

 

3 REPLIES 3
HP Recommended

Hello @SSMIC ,

 

Your post ended up in the Spam Filter so I moved this here. Please ensure to use Code Tags when posting logs as explained >here<

 

In addition, you have not provided us with any details of the currently used software version.

 

From our FAQ:

 

Jun 25, 2012 Question: How can I add an 802.1x EAP-PEAPv0/MSCHAPv2 Certificate or use Dot.1x?

Resolution: Please check => here <=

 

Please check the above and also the est of the FAQ


Best Regards

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

I thought the software version was in the config file.  

C Software Version5.6.0.17325
Updater Version

5.8.0.19248

 

I did follow the document you provided the link to.  I also tried following this document.

Deploying 8021.x EAP-TLS with Polycom VVX phones Part 2/2 (ucprimer.com)

 

The end result is still the same.  For some reason the phone is not sending the correct eap type even though it has been set to eap-tls as indicated in the documentation.  

HP Recommended

Hello @SSMIC ,

 

We cannot assume what is provided is what is actually used. Your software is hopelessly outdated and the latest currently supported version 9as of today) is 5.9.7

 

I suggest you update to a current version and if this still fails you can share some logs from the phone based on the FAQ.

 

Our volunteers may look at them. If this is urgent or no volunteer answers the next step would be opening a support ticket. If the unit is out of warranty PPI/Pay per Incident would be applicable.

 

This is all outlined in the FAQ's

 

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.