Cisco 8831NR Administration Manual page 37

Unified ip conference phone

Hide thumbs Also See for 8831NR:

User manual (88 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

Table of Contents

Cisco Unified IP Conference Phone 8831 and 8831NR

802.1X Authentication

Cisco Unified IP Conference Phone supports 802.1X Authentication.

Overview

Cisco Unified IP Phones and Cisco Catalyst switches traditionally use Cisco Discovery Protocol (CDP) to

identify each other and determine parameters such as VLAN allocation and inline power requirements.

Cisco Unified IP Phones also contain an 802.1X supplicant. This supplicant allows network administrators

to control the connectivity of IP phones to the LAN switch ports. The current release of the phone 802.1X

supplicant uses EAP-FAST and EAP-TLS options for network authentication.

Required Network Components

Support for 802.1X authentication on Cisco Unified IP Phones requires several components, including:

Cisco Unified IP Phone

Cisco Secure Access Control Server (ACS) or another other third-party authentication server

Cisco Catalyst Switch or other third-party switch

Best Practices

The following list describes best practices for 802.1X configuration.

• Enable 802.1X Authentication: If you want to use the 802.1X standard to authenticate Cisco Unified IP

• Configure Voice VLAN: Because the 802.1X standard does not account for VLANs, you should configure

• Enter MD5 Shared Secret: If you disable 802.1X authentication or perform a factory reset on the phone,

Security Restrictions

A user cannot barge into an encrypted call if the phone that is used to barge is not configured for encryption.

In this case, a reorder (fast busy) tone plays on the phone from which the barge was initiated.

The phone acts as the 802.1X supplicant, which initiates the request to access the network.

The authentication server and the phone must both be configured with a shared secret that authenticates

the phone.

The switch must support 802.1X, so it can act as the authenticator and pass the messages between the

phone and the authentication server. After the exchange completes, the switch grants or denies the phone

access to the network.

Phones, be sure that you properly configure the other components before enabling it on the phone.

this setting based on the switch support.

• Enabled: If you are using a switch that supports multi-domain authentication, you can continue to

use the voice VLAN.

• Disabled: If the switch does not support multi-domain authentication, disable the Voice VLAN and

consider assigning the port to the native VLAN.

the previously configured MD5 shared secret is deleted.

Cisco Unified IP Conference Phone 8831 and 8831NR Administration Guide

802.1X Authentication

Table of Contents

Chapters

Table of Contents

This manual is also suitable for:

8831

Cisco 8831NR Administration Manual page 37

Chapters

Related Manuals for Cisco 8831NR

Related Products for Cisco 8831NR

This manual is also suitable for:

Table of Contents