Digium A-Series phones do not perform 802.1X authentication by default. A-Series phones are also not capable of performing automatic logoff of PC-port attached clients.
All released A-Series firmwares provide some form of 802.1X capability.
A20, A22 and A25 models only support EAP-MD5 authentication. A30 models also support EAP-TLS and PEAP-MSCHAPv2.
Client certificates must contain both the private key and the certificate within the PEM or CER file.
Root Certificates have been tested in PEM, DER, CRT and CER format.
For methods where it's optional to validate the CA certificate of the Authenticator, it's highly recommended to do so for security reasons.
To configure EAP-MD5 for the phone, users should set the following:
With this method set, a user must supply their username and their password.
To configure EAP-PEAPv0/MSCHAPv2, users should set:
This sets the method to EAP-PEAPv0/MSCHAPv2 and passes in the supplied username and password.
It is also possible for the phone to validate the CA certificate of the server. If this behavior is desired, the following options should be set:
To configure EAP-TLS, users should set:
EAP-TLS requires an identity (username and password), a CA cert and a client certificate. The certificates should be uploaded to the phone using the phone's web UI.