802.1X Pass-Through And Proxy Logoff; 802.1X Supplicant Operation - Avaya one-X 1603SW Administrator's Manual

Administering Telephone Options

802.1X Pass-Through and Proxy Logoff

1603SW-I SIP IP Deskphones with a secondary Ethernet interface support pass-through of
802.1X packets to and from an attached PC. This enables an attached PC running 802.1X
supplicant software to be authenticated by an Ethernet data switch.
The SIP IP Deskphones support two pass-through modes:
pass-through and
●
pass-through with proxy logoff.
●
The DOT1X parameter setting controls the pass-through mode. In Proxy Logoff mode
(DOT1X=1), when the secondary Ethernet interface loses link integrity, the telephone sends an
802.1X EAPOL-Logoff message to the data switch on behalf of the attached PC. The message
alerts the switch that the device is no longer present. For example, a message would be sent
when the attached PC is physically disconnected from the IP telephone.
Note:
When DOT1X = 0 or 2, the Proxy Logoff function is not supported.
Note:

802.1X Supplicant Operation

1603SW-I SIP IP Deskphones that support Supplicant operation also support Extensible
Authentication Protocol (EAP), but only with the MD5-Challenge authentication method as
specified in IETF RFC 3748 [8.5-33a].
A Supplicant identity (ID) and password of no more than 12 numeric characters are stored in
reprogrammable non-volatile memory. The ID and password are not overwritten by deskphone
software downloads. The default ID is the MAC address of the telephone, converted to ASCII
format without colon separators, and the default password is null. Both the ID and password are
set to defaults at manufacture. EAP-Response/Identity frames use the ID in the Type-Data field.
EAP-Response/MD5-Challenge frames use the password to compute the digest for the Value
field, leaving the Name field blank.
When a deskphone is installed for the first time and 802.1x is in effect, the dynamic address
process prompts the installer to enter the Supplicant identity and password. The deskphone
does not accept null value passwords. See "Dynamic Addressing Process" in the Avaya
one-X™ Deskphone Value Edition SIP for 1603SW-I IP Deskphones Installation and
Maintenance Guide. The deskphone stores 802.1X credentials when successful authentication
is achieved. Post-installation authentication attempts occur using the stored 802.1X credentials,
without prompting the user for ID and password entry.
A deskphone can support several different 802.1X authentication scenarios, depending on the
capabilities of the Ethernet data switch to which it is connected. Some switches may
authenticate only a single device per switch port. This is known as single-supplicant or
90 Avaya 1603SW-I SIP Deskphones Administrator Guide