Specifications

Engineering Guidelines
Authentication Protocol Support
A number of networks now support a level of access restriction to the network ports. A device
that connects to one of these ports needs to be authenticated as valid before connections can
be established. There are a number of protocols that can do this, including:
• Cisco VMPS
• 802.1X
The Cisco VMPS is described in “VMPS, CDP, and Location Change Indication (E911)” on
page 247.
Mitel implements phone authentication that requires a unique association of MAC addresses
and IP and user-entered PIN registration numbers. Additionally, desktop software downloads
are encrypted. Mitel also provides 802.1X authentication for desktops, which supports the
Extensible Authentication Protocol (EAP) using EAP-MD5 challenge authentication to a
RADIUS Server. Users authenticate through the phone interface by entering a username and
password.
Dual Port Phones
A number of Mitel's IP phones are dual port, meaning that there are two Ethernet ports on the
phone. One Ethernet port is used to connect to the LAN. The other Ethernet port can be used
to connect a PC to the network via the phone. This capability is useful in environments where
the phone and the PC need to share a single Ethernet connection.
As of MCD 4.1, a COS option is provided that the System Administrator can use to
disable the second Ethernet port on dual port phones, which in turn bars unauthorized access
at the second Ethernet port. The default condition is for all second Ethernet ports to be enabled.
For details on how to set a COS option to disable secondary Ethernet ports on IP phones, refer
to the System Administration Tool Help for MiVoice Business.
IEEE 802.1X
The IEEE 802.1X standard is similar in operation to VMPS, but uses a RADIUS Server for
authentication. Devices that authenticate through 802.1X require an identification name and
password before being allowed access.
There are a number of protocols that are used to establish the initial connection. Mitel end
devices ("supplicants") support the EAP-MD5 protocol.
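The EAP-MD5 challenge exchange named above, worked through for both sides as an added example (not Mitel code): the supplicant answers an EAP-Request/MD5-Challenge, and the authentication server recomputes and checks the hash. Packet layout follows RFC 3748 and the hash follows RFC 1994; the function names and sample values are assumptions made for illustration, and the switch's relaying of EAP to RADIUS is left out.

```python
import hashlib
import hmac
import os
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_TYPE_MD5 = 1, 2, 4

def build_md5_packet(code, identifier, value, name=b""):
    # EAP header (code, identifier, length), then type 4, value-size, value, name
    body = bytes([EAP_TYPE_MD5, len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body

def parse_md5_packet(pkt):
    if len(pkt) < 6:
        raise ValueError("packet too short for EAP-MD5")
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if not 6 <= length <= len(pkt) or pkt[4] != EAP_TYPE_MD5:
        raise ValueError("not a well-formed EAP-MD5 packet")
    size = pkt[5]
    if 6 + size > length:
        raise ValueError("value-size runs past the packet length")
    return code, identifier, pkt[6:6 + size], pkt[6 + size:length]

def md5_response(identifier, password, challenge):
    # CHAP-style hash: MD5(identifier || password || challenge)
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()

def supplicant_answer(request, name, password):
    code, identifier, challenge, _ = parse_md5_packet(request)
    if code != EAP_REQUEST:
        raise ValueError("expected an EAP-Request")
    value = md5_response(identifier, password, challenge)
    return build_md5_packet(EAP_RESPONSE, identifier, value, name)

def server_verify(request, response, stored_password):
    _, req_id, challenge, _ = parse_md5_packet(request)
    code, resp_id, value, _ = parse_md5_packet(response)
    if code != EAP_RESPONSE or resp_id != req_id:
        return False  # wrong packet type, or not an answer to this request
    expected = md5_response(req_id, stored_password, challenge)
    return hmac.compare_digest(value, expected)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment
    req = build_md5_packet(EAP_REQUEST, 7, os.urandom(16), b"radius.example")
    resp = supplicant_answer(req, b"phone-user", b"s3cret-pin")
    print("accepted:", server_verify(req, resp, b"s3cret-pin"))
    print("rejected:", not server_verify(req, resp, b"wrong"))
```

Because the server recomputes the hash, it must hold the account password in recoverable form, and a fresh random challenge per attempt is what keeps a recorded response from being accepted again. The exchange authenticates only the supplicant; the phone gets no proof of the network's identity.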
If the administrator configures the L2 Switch for port access control, the connected IP Phone
will prompt the user for an account name and password if one has not already been entered
or if the information saved in the phone is invalid. Based on the response,
• the port may be opened for access
• the VLAN settings may change