User's Manual
422 Features
Table 100
IP Phone authentication methods
Authentication method IP Phone
EAP MD5 IP Phone 2001, IP Phone 2002, IP Phone 2004, IP Audio
Conference Phone 2033, IP Phone 1210, IP Phone 1220,
IP Phone 1230, IP Phone 2007, IP Phone 1110, IP Phone
1120E, IP Phone 1140E, IP Phone 1150E, and IP Phone
1165E
EAP PEAP, EAP TLS IP Phone 1210, IP Phone 1220, IP Phone 1230, IP Phone
2007, IP Phone 1110, IP Phone 1120E, IP Phone 1140E, IP
Phone 1150E, and IP Phone 1165E
EAP-TLS requires root and device certificates while EAP-PEAP requires a
root certificate only.
If you configure EAP-TLS, then the root and device certificate must first be
installed on the phone. The Certificate Authority (CA), Domain Name, and
Hostname (optional) must be configured on the phone. After configuration,
the phone uses Simple Certificate Enrollment Protocol (SCEP) to request
the root and devices certificates from the CA Server. To install the root
certificate, you can be prompted to accept the root certificate fingerprint.
You can permanently save the root certificate and the device certificate in
the trusted certificate store.
It is possible to install more than one customer root certificate on the
phone if more than once Certificate Authority is used.
The IP Phone sends a request to server to obtain a root certificate and a
device certificate.
If you configure EAP-PEAP, the root certificate extracts from the
configuration file and stores in the trusted certificate store.
If the certificate installation fails, EAP-TLS or EAP-PEAP does not
initialize. The IP Phone does not authenticate and cannot access the
network.
802.1ab Link Layer Discovery Protocol
802.1ab Link Layer Discovery Protocol is available for the following IP
Phones
• IP Phone 2001
• IP Phone 2002
• IP Phone 2004
• IP Phone 2007
• IP Phone 1110
Nortel Communication Server 1000
IP Phones Fundamentals
NN43001-368 05.06 30 April 2010
Copyright © 2003-2010 Nortel Networks. All Rights Reserved.
.