Nortel 2001 Installation And Operation Manual page 362

Page 362 of 430
Authorization
Enabling and disabling EAP
553-3001-368 Standard 7.00
Appendix C: 802.1x Port-based network access control
• Authenticator — the network entry point to which the supplicant
physically connects (typically a Layer 2/3 switch). The authenticator acts
as the proxy between the supplicant and the authentication server.
The authenticator controls access to the network based on the
authentication status of the supplicant.
• Authentication server — performs authentication of the supplicant.
If 802.1x is configured and the IP Phone is physically connected to the
network, the IP Phone (supplicant) initiates 802.1x authentication by
contacting the Layer 2/3 switch (authenticator). The IP Phone also initiates
802.1x authentication after the Ethernet connection (network interface only)
is restored following a network link failure.
However, if the phone resets, the IP Phone assumes the Layer 2 link has
remained in service and is authenticated.
The IP Phone fails to authorize if the DeviceID and the IP Phone passwords
do not match the DeviceID and IP Phone password provisioned on the
RADIUS Server. The Layer 2 switch (authenticator) locks out the IP Phone
and network access is denied. If this happens during reauthorization, all
phone services are lost. The connected PC operates as normal.
The following section provides steps to enable and disable EAP on the
IP Phone.
Procedure 55
Enable the 802.1x supplicant
1 Reset the phone by disconnecting and reconnecting power.
2 When the Nortel logo appears, press each of the soft keys in sequence.
For information on configuring the IP Phone 2001, see Procedure 2 on
page 41, "Installing an IP Phone 2001 for the first time using manual
configuration" on
August 2005
page 41".