About IEEE 802.1X - Avaya 9608 Administrator's Manual

IP Deskphone H.323

Administering Deskphone Options
7. Change the 46xxsettings.txt file to turn on 802.1X authentication by setting DOT1XSTAT to a
value of 1 or 2.
8. Set the EAP authentication method to TLS by setting SET DOT1XEAPS TLS in the
46xxsettings.txt file.
9. Clear the phones and then restart them to apply the new settings. As the phones
restart, they start their supplicants with the EAP-TLS authentication method.
10. Configure the Layer 2 switches to which you have attached these phones to support
EAP-TLS on the ports to which you have attached the phones.
Result
The switches prompt the phones to authenticate using EAP-TLS, and the phones authenticate using
the enrolled certificates. After setup completes, the phones maintain the configurations across
restarts and upgrades. Depending on the value of MYCERTRENEW, the phones periodically try to
renew their certificate enrollment. The administrator must monitor pending enrollments.

About IEEE 802.1X

9600 Series IP phones support the IEEE 802.1X standard for Supplicant operation and support
pass-through of 802.1X messages to an attached PC. The system parameter DOT1X determines
how the phones handle pass-through of 802.1X multicast packets and proxy logoff:
• When DOT1X = 0, the phone forwards 802.1X multicast packets from the Authenticator to the
PC attached to the phone and forwards multicast packets from the attached PC to the
Authenticator (multicast pass-through). The phone does not support Proxy Logoff. This is the
default value.
• When DOT1X = 1, the phone supports the same multicast pass-through as when DOT1X = 0,
but Proxy Logoff is also supported. When the secondary Ethernet interface loses link integrity,
the phone sends an 802.1X EAPOL-Logoff message to the Authenticator with a source MAC
address from the previously attached device. This message alerts the Authenticator that the
device is no longer connected.
• When DOT1X = 2, the phone forwards multicast packets from the Authenticator only to the
phone, ignoring multicast packets from the attached PC (no multicast pass-through). The
phone does not support Proxy Logoff.
• Regardless of the DOT1X setting, the phone always properly directs unicast packets from the
Authenticator to the phone or its attached PC as specified by the destination MAC address in
the packet.
All 9600 Series IP phones support Supplicant operation as specified in IEEE 802.1X, but, as of
software Release 2.0, only if the value of the parameter DOT1XSTAT is 1 or 2. If DOT1XSTAT has
any other value, the phone does not support Supplicant operation.
Unicast 802.1X frames contain the MAC address of the phone as the destination MAC address and
a protocol type of 88-8E hex. IP phones respond to unicast 802.1X frames received on the Ethernet
line interface if the value of DOT1XSTAT is 1 or 2.
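
The following is an added example, not part of the Avaya manual or Avaya software: a small check that reads a 46xxsettings.txt file and reports on the three parameters discussed above (DOT1XSTAT, DOT1XEAPS, DOT1X). It assumes that lines beginning with # are comments, that a later SET overrides an earlier one, and that any conditional logic in the file is not evaluated; the function names and the sample file are constructed for illustration.

```python
import re

# Constructed sample settings file (not from a real deployment).
SAMPLE = """\
## 802.1X section
SET DOT1XSTAT 0
SET DOT1X 0
SET DOT1XSTAT 2
"""

SET_RE = re.compile(r'^\s*SET\s+(\w+)\s+(.*?)\s*$')

def parse_settings(text):
    """Collect SET lines. Assumption: a later SET overrides an earlier one."""
    values = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):      # comment line
            continue
        m = SET_RE.match(line)
        if m:
            values[m.group(1).upper()] = m.group(2).strip('"')
    return values

def audit_dot1x(text):
    """Return (severity, message) findings for the 802.1X parameters."""
    v = parse_settings(text)
    findings = []
    stat = v.get("DOT1XSTAT")
    if stat not in ("1", "2"):
        findings.append(("FAIL", f"DOT1XSTAT={stat!r}: no Supplicant operation; set 1 or 2"))
    eaps = v.get("DOT1XEAPS")
    if eaps is None or eaps.upper() != "TLS":
        findings.append(("FAIL", f"DOT1XEAPS={eaps!r}: EAP-TLS is not selected"))
    mode = v.get("DOT1X", "0")                 # the text gives 0 as the default
    if mode == "0":
        findings.append(("WARN", "DOT1X=0: pass-through without Proxy Logoff; the phone "
                         "does not signal the Authenticator when the attached PC disconnects"))
    elif mode == "1":
        findings.append(("INFO", "DOT1X=1: pass-through with Proxy Logoff"))
    elif mode == "2":
        findings.append(("INFO", "DOT1X=2: 802.1X multicast from the attached PC is ignored"))
    else:
        findings.append(("FAIL", f"DOT1X={mode!r}: not a documented value (0, 1, 2)"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_dot1x(SAMPLE):
        print(severity, message)
```

For the constructed sample, the second DOT1XSTAT line takes effect, so the findings are a FAIL for the missing DOT1XEAPS setting and a WARN for DOT1X = 0.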
Administering 9608/9608G/9611G/9621G/9641G IP Deskphones H.323
98
Comments? infodev@avaya.com
June 2014


This manual is also suitable for: 9608G, 9611G, 9621G, 9641G
