Preview Tool

Cisco Bug: CSCuo47784 - 6921 sip phones fail to authenticate with ACS 5.X with 802.1x

Last Modified

Apr 26, 2014

Products (11)

  • Cisco IP Phone 8800 Series
  • Cisco Unified IP Phone 9951
  • Cisco Unified SIP Phone 3905
  • Cisco Unified IP Phone 6961
  • Cisco Unified IP Phone 6941
  • Cisco Unified IP Phone 8961
  • Cisco Unified IP Phone 8941
  • Cisco Unified IP Phone 9971
  • Cisco Unified IP Phone 8945
  • Cisco Unified IP Phone 6945
View all products in Bug Search Tool Login Required

Known Affected Releases


Description (partial)

All the Cisco 78xx phones fail DOT1X authentication with Cisco ACS 5.x when method is set NOT to EAP-TLS 
ACS supports: 

Cisco phone supports: 

Both support EAP-TLS and if we select preferred method on ACS to EAP-TLS all works fine. 
EAP-PEAP has to be preferred method on ACS. The negotiation can never success and looks like that:

EAP-Request, Identity ->

Phone sends only one method - 1st from list its supports 
ACS tries the method which received in NAK if supports this method. If ACS doesn't support the method received in NAK it sends EAP-Failure. 
Negotiation can never success even if there is method that both devices supports.

Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.