Manualshelf

System information

ManualsBrandsBoots ManualsGadgetsCS-1000
381382383384385386387388389390
388 Features
If 802.1x is configured and the IP Phone is physically connected to the
network, the IP Phone (supplicant) initiates 802.1x authentication by
contacting the Layer 2/3 switch (authenticator). The IP Phone also initiates
802.1x authentication after the Ethernet connection (network interface
only) is restored following a network link failure. However, if the phone
resets, the IP Phone resets then reinitiates a reauthentication. The IP
Phone fails to authorize if the credentials that the IP Phone presents do
not authenticate. Each EAP type requires different credentials. The Layer
2 switch (authenticator) locks out the IP Phone and network access is
denied. If this happens during reauthorization, all IP Phone services are
lost.
The connected PC operates as normal if MHMA is properly configured on
the Layer 2 switch and if the PC successfully authenticates using EAP.
Otherwise, the PC disconnects from the network, as well.
If EAP is enabled, multihost must be configured on the Layer 2 switch
or PC cannot connect. If MHMA is properly configured, the PC must
authenticate, as well. If MHSA is configured, the IP Phone and the PC
cannot authenticate and the PC is blocked.
Authentication methods
Table 86 "IP Phone authentication methods" (page 388) shows the
authentication methods and the IP Phone it supports.
Table 86
IP Phone authentication methods
Authentication method IP Phone
EAP MD5 IP Phone 2001, IP Phone 2002, IP Phone 2004, IP Audio
Conference Phone 2033, IP Phone 1210, IP Phone 1220,
IP Phone 1230, IP Phone 2007, IP Phone 1110, IP Phone
1120E, IP Phone 1140E, and IP Phone 1150E
EAP PEAP, EAP TLS IP Phone 1210, IP Phone 1220, IP Phone 1230, IP Phone
2007, IP Phone 1110, IP Phone 1120E, IP Phone 1140E, and
IP Phone 1150E
EAP-TLS requires root and device certificates while EAP-PEAP requires a
root certificate only.
If you configure EAP-TLS, then the root and device certificate must first be
installed on the phone. The Certificate Authority (CA), Domain Name, and
Hostname (optional) must be configured on the phone. After configuration,
the phone uses Simple Certificate Enrollment Protocol (SCEP) to request
the root and devices certificates from the CA Server. To install the root
Nortel Communication Server 1000
IP Phones Fundamentals
NN43001-368 05.02 26 May 2009
Copyright © 2003-2009 Nortel Networks. All Rights Reserved.
.