Administering Telephone Options

Note:

If the Ethernet line interface link fails, the 802.1X Supplicant, if enabled, enters the Disconnected state. The 802.1X Supplicant variable userLogoff normally has a value of FALSE. This variable will be set to TRUE before the telephone drops the link on the Ethernet line interface (and back to FALSE after the link has been restored). The userLogoff variable may also be briefly set to TRUE to force the Supplicant into the LOGOFF state when new credentials are entered.

802.1X Pass-Through and Proxy Logoff

1600 Series IP Telephones with a secondary Ethernet interface support pass-through of 802.1X packets to and from an attached PC. This enables an attached PC running 802.1X supplicant software to be authenticated by an Ethernet data switch.

The IP Telephones support two pass-through modes: pass-through, and pass-through with proxy logoff.

The DOT1X parameter setting controls the pass-through mode. In Proxy Logoff mode (DOT1X=1), when the secondary Ethernet interface loses link integrity, the telephone sends an 802.1X EAPOL-Logoff message to the data switch on behalf of the attached PC. The message alerts the switch that the device is no longer present. For example, a message would be sent when the attached PC is physically disconnected from the IP telephone. When DOT1X=0 or DOT1X=2, the Proxy Logoff function is not supported.

802.1X Supplicant Operation

1600 IP Telephones that support Supplicant operation also support Extensible Authentication Protocol (EAP), but only with the MD5-Challenge authentication method as specified in IETF RFC 3748 [8.5-33a].

A Supplicant identity (ID) and password of no more than 12 numeric characters are stored in reprogrammable non-volatile memory. The ID and password are not overwritten by telephone software downloads. The default ID is the MAC address of the telephone, converted to ASCII format without colon separators, and the default password is null. Both the ID and password are set to defaults at manufacture. EAP-Response/Identity frames use the ID in the Type-Data field. EAP-Response/MD5-Challenge frames use the password to compute the digest for the Value field, leaving the Name field blank.
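The two response frames described above, built and then checked from the authenticator's side, as an added example (not Avaya code). The MAC address, password and challenge are constructed sample values, and the digest input order (Identifier, password, challenge) follows RFC 1994 CHAP, which RFC 3748 references for MD5-Challenge.

```python
import hashlib
import hmac
import struct

EAP_RESPONSE = 2         # EAP Code field (RFC 3748, section 4)
TYPE_IDENTITY = 1        # EAP Type: Identity
TYPE_MD5_CHALLENGE = 4   # EAP Type: MD5-Challenge

def default_identity(mac: str) -> bytes:
    """Default Supplicant ID: MAC address as ASCII, colon separators removed."""
    return mac.replace(":", "").encode("ascii")

def eap_packet(code: int, identifier: int, eap_type: int, type_data: bytes) -> bytes:
    """Code(1) | Identifier(1) | Length(2, whole packet) | Type(1) | Type-Data."""
    return struct.pack("!BBHB", code, identifier, 5 + len(type_data), eap_type) + type_data

def identity_response(identifier: int, identity: bytes) -> bytes:
    """EAP-Response/Identity: the ID travels in the Type-Data field."""
    return eap_packet(EAP_RESPONSE, identifier, TYPE_IDENTITY, identity)

def md5_digest(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """Value = MD5(Identifier || password || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()

def md5_challenge_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """Type-Data = Value-Size(1) | Value(16) | Name; Name is left blank."""
    value = md5_digest(identifier, password, challenge)
    return eap_packet(EAP_RESPONSE, identifier, TYPE_MD5_CHALLENGE,
                      bytes([len(value)]) + value)

def parse_md5_response(packet: bytes):
    """Return (identifier, value, name); reject malformed or mis-typed packets."""
    if len(packet) < 6:
        raise ValueError("packet too short")
    code, identifier, length, eap_type = struct.unpack("!BBHB", packet[:5])
    size = packet[5]
    if (code, eap_type) != (EAP_RESPONSE, TYPE_MD5_CHALLENGE) or length != len(packet):
        raise ValueError("not a well-formed EAP-Response/MD5-Challenge")
    if 6 + size > len(packet):
        raise ValueError("Value-Size exceeds packet length")
    return identifier, packet[6:6 + size], packet[6 + size:]

def authenticator_accepts(packet: bytes, password: bytes, challenge: bytes) -> bool:
    """Authenticator side: recompute the digest, compare in constant time."""
    identifier, value, _name = parse_md5_response(packet)
    return hmac.compare_digest(value, md5_digest(identifier, password, challenge))

# Constructed sample values (documentation-range MAC, made-up password and challenge).
SAMPLE_MAC = "00:00:5E:00:53:01"
SAMPLE_PASSWORD = b"123456"
SAMPLE_CHALLENGE = bytes.fromhex("00112233445566778899aabbccddeeff")
```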

When a telephone is installed for the first time and 802.1X is in effect, the dynamic address process prompts the installer to enter the Supplicant identity and password. The IP telephone does not accept null value passwords. See “Dynamic Addressing Process” in the Avaya 1600 Series IP Deskphones Installation and Maintenance Guide. The IP telephone stores 802.1X credentials when successful authentication is achieved. Post-installation authentication

78 Avaya 1600 Series IP Deskphones Administrator Guide

Avaya 16-601443, 1600 Series manual 802.1X Pass-Through and Proxy Logoff, 802.1X Supplicant Operation