Specifications

VoIP Security
the port could be opened to a guest VLAN
the port could be shut down.
When a PC is connected to a port, it will be interrogated in the same manner as the phones,
and user input will be required. The same results will likely occur.
Typically, 802.1X will only allow a single device to be authenticated and connected to a port.
This restricts how devices can be connected into the network infrastructure. Where a network
port only supports a single connected device, then, for full authentication, only a phone or a
PC should be connected to this port. If it is required that both a phone and a PC must be
connected, then only the phone should provide authentication. If authentication is provided only
by the PC and the PC isn’t present, the phone may not work.
Not all network access devices place single device restrictions on connected devices. HP
switches allow multiple devices to be connected and authenticated on a single port. With Cisco
switches, where the IP Phone uses the Auxilliary_VLAN setting, both an IP Phone and a
connected PC can operate off the same port.
A PC connected behind a phone may need to authenticate access. Failure to do this correctly
may result in the network port being shut down. This may result in the IP Phone also being
disconnected. Ideally, the PC should be programmed with the necessary information for 802.1X
authentication through the “PC Network Properties.” If not, then it is possible that the PC could
fail the authentication time-out at the port or at subsequent authorization requests. It may also
be necessary to connect the PC to the phone after the phone has authenticated the connection.
An 802.1X port may be configured to request authentication only at startup of the network port
and this may include regular authentication retries.
Because authentication is based on a network port becoming active, it is possible, with some
network switches, that an unauthorized device could be connected behind an IP Phone once
the IP Phone has itself gained access to the port. Therefore, it is recommended that you enable
the re-authentication response to regularly check access to the port and identify such
connections. The default time is often of the order of 3600 seconds.
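The following audit sketch is an added example, not part of the original guide or any vendor tooling. It checks switch interface configuration for the two conditions this paragraph warns about: 802.1X ports without periodic re-authentication, and ports that admit further devices once one has authenticated. It assumes Cisco IOS-style `authentication` interface commands, a constructed sample configuration, and a hypothetical policy ceiling of 3600 seconds.

```python
# Constructed Cisco IOS-style interface config (sample data, not from the page).
SAMPLE_CONFIG = """
interface GigabitEthernet1/0/1
 switchport voice vlan 20
 authentication host-mode multi-domain
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate 3600
!
interface GigabitEthernet1/0/2
 authentication host-mode multi-host
 authentication port-control auto
!
interface GigabitEthernet1/0/3
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate 43200
"""
MAX_REAUTH_SECONDS = 3600  # assumed policy ceiling: the interval the text cites

def parse_interfaces(config):
    ports, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            ports[current] = []
        elif raw[:1].isspace() and raw.strip() and current is not None:
            ports[current].append(raw.strip())
        elif raw.strip():
            current = None  # "!" or a global command ends the interface block
    return ports

def audit_dot1x_ports(config, max_reauth=MAX_REAUTH_SECONDS):
    """Return {interface: [findings]} for ports that enforce 802.1X."""
    report = {}
    for name, body in parse_interfaces(config).items():
        if "authentication port-control auto" not in body:
            continue  # 802.1X is not enforced here; out of scope for this check
        issues = []
        if "authentication periodic" not in body:
            issues.append("periodic re-authentication is off")
        for line in body:
            value = line.rsplit(None, 1)[-1]  # non-numeric values (e.g. "server") are skipped
            if line.startswith("authentication timer reauthenticate ") and value.isdigit() and int(value) > max_reauth:
                issues.append("re-authentication interval %s s exceeds %d s" % (value, max_reauth))
        if "authentication host-mode multi-host" in body:
            issues.append("multi-host: devices behind the first authenticated one are admitted")
        report[name] = issues
    return report
```

Calling `audit_dot1x_ports(SAMPLE_CONFIG)` returns an empty finding list for the first port and findings for the other two; run it against an exported running configuration to list ports that need attention.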
A phone that supports 802.1X will indicate, during power up, that it is attempting 802.1X
authentication. It is possible to disable 802.1X via a CONFIG application menu under Tools
and Features. This menu also allows you to delete any stored usernames and passwords.
For details on 802.1X, refer to the "802.1X EAP - MD5 Authentication Protocol Support"
Knowledge Base article on Mitel OnLine.
Note: Some vendors, Hewlett Packard, for example, manufacture switches that support
multiple instances of 802.1X for devices that are connected to the same port. In this case,
you can enable support on both devices without risking access conflicts.