802.1X Supplicant Operation - Avaya 9601 Administering

9600 series

Hide thumbs Also See for 9601:

Instructions manual (94 pages)

User manual (92 pages)

Installing and maintaining (90 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

page of 143

/ 143
Contents
Table of Contents
Bookmarks

Table of Contents

Administering deskphone options

802.1X supplicant operation

9600 Series IP Deskphones that support supplicant operation also support Extensible

Authentication Protocol (EAP). For software Release 6.1 and earlier, only the MD5-Challenge

authentication method is supported. For more information about the MD5–Challenge authentication,

see IETF RFC 3748.

A supplicant identity (ID) and password of not more than 12 numeric characters are stored in

reprogrammable non-volatile memory. The phone software downloads do not overwrite the ID and

password. The default ID is the MAC address of the phone, converted to ASCII format without colon

separators, and the default password is null. Both the ID and password are set to default values at

manufacture. EAP-Response/Identity frames use the ID in the Type-Data field. EAP-Response/

MD5-Challenge frames use the password to compute the digest for the Value field, leaving the

Name field blank.

When you install a phone for the first time and 802.1x is in effect, the dynamic address process

prompts the installer to enter the supplicant identity and password. The IP phone does not accept

null value passwords.

The IP deskphone stores 802.1X credentials when the phone achieves successful authentication.

Post-installation authentication attempts occur using the stored 802.1X credentials, without

prompting the user for ID and password entry.

An IP deskphone can support several different 802.1X authentication scenarios, depending on the

capabilities of the Ethernet data switch to which the deskphone is connected. Some switches might

authenticate only a single device per switch port. This operation is known as single-supplicant or

port-based operation. These switches usually send multicast 802.1X packets to authenticating

devices.

These switches support the following three scenarios:

• Standalone phone (Deskphone Only Authenticates) - When you configure the IP phone for

supplicant mode (DOT1XSTAT=2), the phone can support authentication from the switch.

• Phone with attached PC (Deskphone Only Authenticates) - When you configure the IP phone

for supplicant mode (DOT1X=2 and DOT1XSTAT=2), the phone can support authentication

from the switch. The attached computer in this scenario gains access to the network without

being authenticated.

• Deskphone with attached computer (PC Only Authenticates) - When the IPdeskphone is

configured for Pass-Through Mode or Pass-Through Mode with Logoff (DOT1X=0 or 1 and

DOT1XSTAT=0), an attached PC running 802.1X supplicant software can be authenticated by

the data switch. The phone in this scenario gains access to the network without authentication.

Some switches support authentication of multiple devices connected through a single switch port.

This operation is known as multi-supplicant or MAC-based operation. These switches usually send

Administering Avaya 9601/9608/9611G/9621G/9641G/9641GS IP Deskphones SIP

on page 88

Comments on this document? infodev@avaya.com

August 2015

Table of Contents

This manual is also suitable for:

9611g 9621g 9641g 9641gs 9608

802.1X Supplicant Operation - Avaya 9601 Administering

802.1X supplicant operation

Related Manuals for Avaya 9601

Related Content for Avaya 9601

This manual is also suitable for:

Table of Contents