User's Manual
Network features 421
802.1x Port-based network access control
802.1x defines the following three roles:
• Supplicant—an IP Phone which requires access to the network to use
network services.
• Authenticator—the network entry point to which the supplicant
physically connects (typically a Layer 2/3 switch). The authenticator
acts as the proxy between the supplicant and the authentication
server. The authenticator controls access to the network based on the
authentication status of the supplicant.
• Authentication server—performs authentication of the supplicant.
Extensible Authentication Protocol
Extensible Authentication Protocol (EAP) supports multiple authentication
methods, such as EAP-PEAP, EAP-MD5, and EAP-TLS, and represents
a technology framework that facilitates the adoption of Authentication,
Authorization, and Accounting (AAA) schemes, such as Remote
Authentication Dial In User Service (RADIUS). RADIUS is defined in RFC
2865.
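An added example, not part of the Nortel manual: a parser for the EAPOL frames exchanged between supplicant and authenticator, used to confirm from a switch-port capture which EAP method an IP Phone negotiates. The function names and sample frames are constructed for illustration; the EAP Type numbers come from RFC 3748 and the IANA EAP registry.

```python
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# EAP Type numbers: 1-4 from RFC 3748, 13 and 25 from the IANA EAP registry.
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "EAP-MD5", 13: "EAP-TLS", 25: "EAP-PEAP"}

def parse_eapol(pdu: bytes) -> dict:
    """Parse one EAPOL PDU (the bytes that follow EtherType 0x888E)."""
    if len(pdu) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, body_len = struct.unpack("!BBH", pdu[:4])
    body = pdu[4:4 + body_len]
    if len(body) < body_len or (ptype == 0 and body_len < 4):
        raise ValueError("truncated EAPOL body")
    out = {"version": version, "eapol_type": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype != 0:                       # Start/Logoff/Key carry no EAP packet
        return out
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    min_len = 5 if code in (1, 2) else 4  # Request/Response also carry a Type byte
    if not min_len <= eap_len <= len(body):
        raise ValueError("EAP length field is inconsistent with the frame")
    out.update(code=EAP_CODES.get(code, f"unknown({code})"), id=ident)
    if code in (1, 2):
        out["type"] = EAP_TYPES.get(body[4], f"type {body[4]}")
        out["data"] = body[5:eap_len]
    return out

def methods_offered(pdus) -> list:
    """Authentication methods seen in an exchange, in first-seen order."""
    seen = []
    for pdu in pdus:
        t = parse_eapol(pdu).get("type")
        if t and t not in ("Identity", "Notification", "Nak") and t not in seen:
            seen.append(t)
    return seen

def build_eap(code, ident, etype, data=b""):  # helper for the constructed sample
    eap = struct.pack("!BBHB", code, ident, 5 + len(data), etype) + data
    return struct.pack("!BBH", 1, 0, len(eap)) + eap

SAMPLE = [  # constructed sample exchange, not captured traffic
    struct.pack("!BBH", 1, 1, 0),            # EAPOL-Start from the phone
    build_eap(1, 1, 1),                      # Request/Identity
    build_eap(2, 1, 1, b"phone"),            # Response/Identity
    build_eap(1, 2, 4, b"\x10" + bytes(16)), # Request/EAP-MD5 challenge
    build_eap(2, 2, 3, b"\x0d"),             # Response/Nak asking for EAP-TLS
    build_eap(1, 3, 13, b"\x20"),            # Request/EAP-TLS with Start flag
]
```

Running `methods_offered(SAMPLE)` lists the methods in the order the authenticator proposed them, which makes a fallback to EAP-MD5 visible when the deployment expects EAP-TLS or EAP-PEAP.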
Authorization
If 802.1x is configured and the IP Phone is physically
connected to the network, the IP Phone (supplicant) initiates 802.1x
authentication by contacting the Layer 2/3 switch (authenticator). The IP
Phone also initiates 802.1x authentication after the Ethernet connection
(network interface only) is restored following a network link failure.
However, if the IP Phone resets, it reinitiates authentication after the
reset. The IP Phone fails to authorize if the credentials that the
IP Phone presents do not authenticate. Each EAP type requires different
credentials. The Layer 2 switch (authenticator) locks out the IP Phone
and network access is denied. If this happens during reauthorization, all
IP Phone services are lost.
The connected PC operates as normal if MHMA is properly configured on
the Layer 2 switch and if the PC successfully authenticates using EAP.
Otherwise, the PC disconnects from the network, as well.
If EAP is enabled, multihost must be configured on the Layer 2 switch
or the PC cannot connect. If MHMA is properly configured, the PC must
authenticate, as well. If MHSA is configured, the IP Phone and the PC
cannot authenticate and the PC is blocked.
Authentication methods
Table 100 "IP Phone authentication methods" (page 422) shows the
authentication methods and the IP Phones that support each method.
Nortel Communication Server 1000
IP Phones Fundamentals
NN43001-368 05.06 30 April 2010
Copyright © 2003-2010 Nortel Networks. All Rights Reserved.