12.1.2 802.1X authentication of Yealink devices in the SwyxWare environment
If you use certified SIP devices from Yealink, you have the option of further protecting access to your network.
The connected end devices can authenticate themselves via 802.1x protocol. Authentication against the authentication server is performed on Layer 2 (OSI).
Configuration on devices
The Yealink devices must be configured to use the IEEE 802.1X protocol.
Select <Terminal Model> | User & Administrator | Yealink 802.1X Authentication_VX_X.pdf.
Provisional provisioning network
If you are using a certificate-based authentication protocol such as EAP-TLS, you should set up an Initial Provision Network to upload certificates and configuration files to the endpoints. Further information can be found in the manufacturer documentation mentioned above.
The required configuration files are provided via HTTP server for downloading by the mobile devices. Make sure that the corresponding server URL is made known to the end devices via DHCP option 43.
Company network with 802.1X authentication
After the configuration files have been downloaded to the end devices and the certificates installed, the end devices are ready for authentication in the 802.1X-protected network. After 802.1X network authentication, endpoints are automatically configured via DCF provisioning service to SwyxWare.
Changing the certificate URL
In some cases, e.g. in case of changes in the network infrastructure, it may be necessary to change the certificate URL afterwards.
| While the configuration is being updated, the telephony function on the corresponding Desk Phones is not available for some time. |
To change the certificate URL using a provisioning file
To change the certificate URL via Swyx PowerShell module
The connection to SwyxServer must be established.
1 Start the Swyx PowerShell module.
2 Extract the existing configuration from the SwyxWare database in a local folder with the following command:
Export-IpPbxYealinkConfigFile -Path <your local path>
for example
Export-IpPbxYealinkConfigFile -Path C:\
3 Open the configuration file "common.cfg" in a text editor.
4 Add the following lines to the end of the file:
static.network.802_1x.root_cert_url = <URL for the server certificate>
static.network.802_1x.client_cert_url = <URL for the client certificate>
for example
static.network.802_1x.root_cert_url = http://192.168.2.51/ca_cert.pem
static.network.802_1x.client_cert_url = http://192.168.2.51/client_cert.pem
5 Save the file.
6 Import the file via Swyx PowerShell module with the following command:
Import-IpPbxYealinkConfigFile -FilePath <full path of the modified configuration file>
for example
Import-IpPbxYealinkConfigFile -FilePath C:\common.cfg
7 Confirm the execution of the command.
According to the autoprovisioning schedule, the new configuration file is uploaded to the end devices.
After the certificates have been downloaded, the end devices are restarted and re-registered.