Configure 802.1x Authentication

This section provides information on installing the Real Presence Group Series system on a network that uses 802.1x.

Prerequisite

  • Complete the setup wizard using the local interface and the remote control so that you can enter the 802.1x credentials, which then allows the system to connect to the network.
  • Connect the system to a local network that does not use 802.1x so you can use the web interface to complete the setup wizard. After you complete the wizard settings and enter the 802.1x credentials, you can connect the system to the network that uses 802.1x authentication.

Procedure

  1. From the system local interface, go to Admin Settings > LAN Properties > Enable 802.1x.
    Specifies whether EAP/802.1x network access is enabled.
    1. Identity: Specifies the system’s identity used for 802.1x authentication. This setting is available only when EAP/802.1x is enabled.
    2. Password: Specifies the system’s password used for 802.1x authentication. This setting is required when EAP/802.1x is enabled. The field cannot be blank.
  2. A root CA certificate must be installed on the RealPresence Group Series system(client) – It will be used to validate the server certificate to send the EAP-TLS handshake.
  3. A client certificate must be installed on the Real Presence Group Series system (client) – it will be sent in the EAP-TLS handshake by Real Presence Group Series system. There are two possible ways:
    • CSR Method
      1. Generate CSR by providing the options in Real Presence Group Series web user interface.
      2. CSR can be uploaded to a designated place (Private key cannot be uploaded).
      3. CSR is signed by the CA resulting in certificate. Note this CA must be installed on the AAA server to validate the client certificate.
      4. Install the certificate from Real Presence Group Series web user interface.
    • SCEP

      This will eliminate all the manual procedure in the CSR Method. However, this needs the infrastructure support: SCEP Server (For eg: SCEP service enabled on Microsoft Network Device Enrollment Service or Cisco Identity Services Engine), Switch that can facilitate automatic fallback to staging network (in which SCEP certs are provisioned) and AAA server.