Plantronics + Polycom. Now together as Poly Logo

802.1x on HDX

Rayk
Regular Visitor

802.1x on HDX

I am having trouble getting an HDX to connect using 802.1x.

 

We use a Windows Server 2008 NPS (Network Policy Server) as the Radius server via Cisco switches.

 

802.1x is enabled on the codec with a suitable ID and password.

 

I am testing the Polycom HDX’s with the same authentication credentials as the Cisco/Tandberg endpoints which authenticate with no issue.

 

When we run a debug on the Cisco switch, we can see the EAP-Requests being sent from the Switch to the HDX however the HDX never sends back an EAP-Response so Dot1x eventually times out/fails.

 

Am I missing something? Has anyone any experience of configuring this?

Message 1 of 6
5 REPLIES 5
JTaylor
Polycom Employee

Re: 802.1x on HDX

Hello,

 

What version of firmware are the HDX units running?

What type of encryption have you configured EAP to use, PEAP, TLS, TTLS, MD5?

On the Cisco switches do you have CDP enabled?

Message 2 of 6
Rayk
Regular Visitor

Re: 802.1x on HDX

Things have moved on a bit.

 

We have not yet managed to get the HDX to connect but we are making progress.  The debugs on the switch are showing that the HDX is responding to the EAP ID requests but that when the EAPOL responses are forwarded to the RADIUS server it responds with authentication failures.  It looks like either we have a mismatch on authentication methods between the HDX and the  those configured on the RADIUS, server or that we need to use a different format of ID on the HDX (along the lines for example of domain-name/ID).  We are looking at the logs on RADIUS server to see if we can get some clues.

 

It seems the problem with the HDX is that, as there is no way to specify the authentication method to use , it uses a scattergun approach of responding with EAPOL messages for every method it knows in the hope that one of them will mean something to the RADIUS server.

 

We tried this with all versions of software on the HDX from 2.6 and the latest tests are using 3.1.

 

I think that what I need to know now is what needs to be configured in the Network Policy on the Windows NPS server (the RADIUS server in this case) to handle the HDX authentication requests?

Message 3 of 6
Vero
Occasional Advisor

Re: 802.1x on HDX

Hello,

 

I have the same problem with my HDX 7000. I made the autentication with the ID and password and the HDX didn´t send back the response and fails the connection.

 

The HDX's firmware is 3.0.2 and the type of the encryption is EAP - TLS.

 

Somebody can tell me if exist another procedure to make this or if am I making something wrong?

 

Thank you,

 

Message 4 of 6
SteffenBaierUK
Polycom Employee & Community Manager

Re: 802.1x on HDX

Hello all,

 

would you have the information what Version of EAP is being used?

 

If it is EAP Version 3 the HDX does not currently support this.

 

Please raise a ticket via Polycom support and quote VIDEO-107246.

 

Best Regards

 

Steffen Baier

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. All posts and words are my own & do not represent the views of Employer.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 5 of 6
maciej.waniek
Occasional Contributor

Re: 802.1x on HDX

Hello,

 

I'm trying to implemate 802.1x on my HDX and i have problem with that. I'm not able to authenticate with identity and password.

 

 

On RPG series there is no problem with PEAP-MSCHAPv2

 

Did You resolve this isse ?

Message 6 of 6