Chapter 5: security and qos – Avaya 3631 User Manual

3631 Wireless Telephone Administrator Guide

22

Chapter 5: Security and QoS

Security

The following security methods are supported on the 3631 telephone:
• WEP

– 40-bit and 128-bit encryption

• WPA --Temporal Key Integrity Protocol (TKIP)

– With Pre-Shared Key (PSK)
– With 802.1X Authentication

• WPA2 —Advanced Encryption Standard (AES)

– With Pre-Shared Key (PSK)
– With 802.1X Authentication

The following EAP methods are supported in conjunction with 802.1X authentication:
• EAP-TLS
• PEAPv0/EAP-MSCHAPV2
• PEAPv1/EAP-GTC
• LEAP
• TTLS-CHAP
• TTLS-MD5
• TTLS-MSCHAP
• TTLS-MSCHAPV2

Installing Digital Certificates

The 3631 telephone supports installation of digital CA certificates as well as a digital
device certificate/private key for use with 802.1X authentication.

All certificates must be in PEM format. The certificates must have the following
filenames:

• cacert1.pem—the CA certificate associated with the first Access Profile

• cacert2.pem—the CA certificate associated with the second Access Profile

• cacert3.pem—the CA certificate associated with the third Access Profile
• user_cert.pem—the user/device certificate for the phone. Required for EAP-TLS

authentication

• private_key.pem—private key for the phone. Required for EAP-TLS

authentication

• private_key_passwd.txt—file containing the password used to encrypt/decrypt the

private key. Required for EAP-TLS authentication

CA certificates may be downloaded to the telephone through either of the following
methods:

• Automatically over-the-air via the TRUSTCERTS parameter in a 46xxsettings.txt

file

• Manually from a PC via the USB cable