802.1X Authentication; Overview - Cisco 7975G Software Manual
Administration guide for cisco unified communications manager 9.0 (sccp and sip)
Hide thumbs
Also See for 7975G:
- Software manual (227 pages) ,
- Administration manual (217 pages) ,
- Troubleshooting and maintenance (25 pages)
Table of Contents
Advertisement
Cisco Unified IP Phone
Initiator phone
security level
Secure (encrypted)
Nonsecure
Nonsecure
Secure (encrypted)
Secure (encrypted)
802.1X Authentication
These sections provide information about 802.1X support on the Cisco Unified IP Phones:
Overview
Cisco Unified IP Phones and Cisco Catalyst switches traditionally use Cisco Discovery Protocol (CDP) to
identify each other and determine parameters such as VLAN allocation and inline power requirements. CDP
does not identify locally attached workstations. Cisco Unified IP Phones provide an EAPOL pass-through
mechanism. This mechanism allows a workstation attached to the Cisco Unified IP Phone to pass EAPOL
messages to the 802.1X authenticator at the LAN switch. The pass-through mechanism ensures that the IP
phone does not act as the LAN switch to authenticate a data endpoint before accessing the network.
Cisco Unified IP Phones also provide a proxy EAPOL Logoff mechanism. In the event that the locally attached
PC disconnects from the IP phone, the LAN switch does not see the physical link fail, because the link between
the LAN switch and the IP phone is maintained. To avoid compromising network integrity, the IP phone sends
an EAPOL-Logoff message to the switch on behalf of the downstream PC, which triggers the LAN switch to
clear the authentication entry for the downstream PC.
Cisco Unified IP Phones also contain an 802.1X supplicant. This supplicant allows network administrators
to control the connectivity of IP phones to the LAN switch ports. The current release of the phone 802.1X
supplicant uses the EAP-FAST, EAP-TLS, and EAP-MD5 options for network authentication.
Feature used
Join
cBarge
Meet-Me
Meet-Me
Meet-Me
Cisco Unified IP Phone 7975G, 7971G-GE, 7970G, 7965G, and 7945G Administration Guide for Cisco Unified
Security level of
participants
Encrypted or authenticated
All participants are
encrypted
Minimum security level is
encrypted
Minimum security level is
authenticated
Minimum security level is
nonsecure
Communications Manager 9.0 (SCCP and SIP)
802.1X Authentication
Results of action
Secure conference bridge
Conference remains secure
(encrypted or authenticated)
Secure conference bridge
Conference changes to
nonsecure
Initiator receives message
Does not meet
Security Level, call
rejected.
Secure conference bridge
Conference accepts encrypted
and authenticated calls
Only secure conference bridge
available and used
Conference accepts all calls
21
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
