Nortel 1110 User Guide
456
Appendix C 802.1x Port-based network access control
802.1x defines the following three roles
•
Supplicant—an IP Phone which requires access to the network to use
network services.
network services.
•
Authenticator—the network entry point to which the supplicant physically
connects (typically a Layer 2/3 switch). The authenticator acts as
the proxy between the supplicant and the authentication server. The
authenticator controls access to the network based on the authentication
status of the supplicant.
connects (typically a Layer 2/3 switch). The authenticator acts as
the proxy between the supplicant and the authentication server. The
authenticator controls access to the network based on the authentication
status of the supplicant.
•
Authentication server—performs authentication of the supplicant.
Authorization
If 802.1x is configured and the IP Phone is physically connected to the
network, the IP Phone (supplicant) initiates 802.1x authentication by
contacting the Layer 2/3 switch (authenticator). The IP Phone also initiates
802.1x authentication after the Ethernet connection (network interface only)
is restored following a network link failure. However, if the phone resets,
the IP Phone assumes the Layer 2 link has remained in service and is
authenticated. The IP Phone fails to authorize if the DeviceID and the IP
Phone passwords do not match the DeviceID and IP Phone password
provisioned on the RADIUS Server. The Layer 2 switch (authenticator)
locks out the IP Phone and network access is denied. If this happens
during reauthorization, all IP Phone services are lost. The connected PC
operates as normal.
network, the IP Phone (supplicant) initiates 802.1x authentication by
contacting the Layer 2/3 switch (authenticator). The IP Phone also initiates
802.1x authentication after the Ethernet connection (network interface only)
is restored following a network link failure. However, if the phone resets,
the IP Phone assumes the Layer 2 link has remained in service and is
authenticated. The IP Phone fails to authorize if the DeviceID and the IP
Phone passwords do not match the DeviceID and IP Phone password
provisioned on the RADIUS Server. The Layer 2 switch (authenticator)
locks out the IP Phone and network access is denied. If this happens
during reauthorization, all IP Phone services are lost. The connected PC
operates as normal.
For information about configuring EAP, see the applicable IP Phone section
in this document.
in this document.
Nortel Communication Server 1000
IP Phones Fundamentals
NN43001-368
01.02
Standard
Release 5.0
20 June 2007
Copyright © 2003–2007, Nortel Networks
.