Cisco Systems 8851 Manual De Usuario
• Cisco Secure Access Control Server (ACS) (or other third-party authentication server): The authentication
server and the phone must both be configured with a shared secret that authenticates the phone.
• Cisco Catalyst Switch (or other third-party switch): The switch must support 802.1X, so it can act as
the authenticator and pass the messages between the phone and the authentication server. After the
exchange completes, the switch grants or denies the phone access to the network.
exchange completes, the switch grants or denies the phone access to the network.
You must perform the following actions to configure 802.1X.
• Configure the other components before you enable 802.1X Authentication on the phone.
• Configure PC Port: The 802.1X standard does not consider VLANs and thus recommends that only a
single device should be authenticated to a specific switch port. However, some switches (including Cisco
Catalyst switches) support multidomain authentication. The switch configuration determines whether
you can connect a PC to the PC port of the phone.
Catalyst switches) support multidomain authentication. The switch configuration determines whether
you can connect a PC to the PC port of the phone.
◦Enabled: If you are using a switch that supports multidomain authentication, you can enable the
PC port and connect a PC to it. In this case, Cisco IP Phones support proxy EAPOL-Logoff to
monitor the authentication exchanges between the switch and the attached PC. For more information
about IEEE 802.1X support on the Cisco Catalyst switches, see the Cisco Catalyst switch
configuration guides at:
monitor the authentication exchanges between the switch and the attached PC. For more information
about IEEE 802.1X support on the Cisco Catalyst switches, see the Cisco Catalyst switch
configuration guides at:
◦Disabled: If the switch does not support multiple 802.1X-compliant devices on the same port, you
should disable the PC Port when 802.1X authentication is enabled. If you do not disable this port
and subsequently attempt to attach a PC to it, the switch denies network access to both the phone
and the PC.
and subsequently attempt to attach a PC to it, the switch denies network access to both the phone
and the PC.
• Configure Voice VLAN: Because the 802.1X standard does not account for VLANs, you should configure
this setting based on the switch support.
◦Enabled: If you are using a switch that supports multidomain authentication, you can continue to
use the voice VLAN.
◦Disabled: If the switch does not support multidomain authentication, disable the Voice VLAN and
consider assigning the port to the native VLAN.
• Enter MD5 Shared Secret: If you disable 802.1X authentication or perform a factory reset on the phone,
the previously configured MD5 shared secret is deleted.
Related Topics
Network Protocols, on page 8
Access 802.1X Authentication
You can access the 802.1X authentication settings by following these steps:
Cisco IP Phone 8811, 8841, 8851, and 8861 Administration Guide for Cisco Unified Communications Manager
10.5
140
Supported Security Features