If you use certified SIP devices from Yealink, you have the option of further protecting access to your network.

The connected end devices can authenticate themselves via 802.1x protocol. Authentication against the authentication server is performed on Layer 2 (OSI).

The Yealink devices must be configured to use the IEEE 802.1X protocol.

Refer to the manufacturer's documentation at http://support.yealink.com/documentFront/forwardToDocumentFrontDisplayPage for details of the appropriate configuration.

Select <Terminal Model> | User & Administrator | Yealink 802.1X Authentication_VX_X.pdf.

If you are using a certificate-based authentication protocol such as EAP-TLS, you should set up an Initial Provision Network to upload certificates and configuration files to the endpoints. Further information can be found in the manufacturer documentation mentioned above.

The required configuration files are provided via HTTP server for downloading by the mobile devices. Make sure that the corresponding server URL is made known to the end devices via DHCP option 43.

The URL for root and client certificate is noted in the configuration file, see also Changing the certificate URL.

After the configuration files have been downloaded to the end devices and the certificates installed, the end devices are ready for authentication in the 802.1X-protected network. After 802.1X network authentication, endpoints are automatically configured via DCF provisioning service to SwyxWare.