IEEE 802.1X

802.1X Pass-Through and Proxy Logoff

As of Release 2.2.3, IP telephones support pass-through of 802.1x packets to and from an attached PC. This enables an attached PC running 802.1x supplicant software to be authenticated by an Ethernet data switch.

As of release 2.6, the IP Telephones support two pass-through modes:

pass-through and

pass-through with proxy logoff.

The DOT1X parameter setting controls the pass-through mode. In Proxy Logoff mode (DOT1X=1), when the secondary Ethernet interface loses link integrity, the telephone sends an 802.1X EAPOL-Logoff message to the data switch on behalf of the attached PC. The message alerts the switch that the device is no longer present. For example, a message would be sent when the attached PC is physically disconnected from the IP telephone. When DOT1X = 0 or 2, the Proxy Logoff function is not supported.

802.1X Supplicant Operation

As of Release 2.6, the 4602SW+, 4610SW, 4620SW, 4621SW, and 4622SW IP Telephones support Supplicant operation.

IP telephones that support Supplicant operation also support Extensible Authentication Protocol (EAP), but only with the MD5-Challenge authentication method as specified in IETF RFC 3748 [8.5-33a].

A Supplicant identity (ID) and password of no more than 12 numeric characters are stored in reprogrammable non-volatile memory. The ID and password are not overwritten by telephone software downloads. The default ID is the MAC address of the telephone, converted to ASCII format without colon separators, and the default password is null. Both the ID and password are set to defaults at manufacture. EAP-Response/Identity frames use the ID in the Type-Data field. EAP-Response/MD5-Challenge frames use the password to compute the digest for the Value field, leaving the Name field blank.

When a telephone is installed for the first time and 802.1x is in effect, the dynamic address process prompts the installer to enter the Supplicant identity and password. The IP telephone does not accept null value passwords. See “Dynamic Addressing” in the 4600 Series IP Telephone Installation Guide. The IP telephone stores 802.1X credentials when successful authentication is achieved. Post-installation authentication attempts occur using the stored 802.1X credentials, without prompting the user for ID and password entry.

An IP telephone can support several different 802.1X authentication scenarios, depending on the capabilities of the Ethernet data switch to which it is connected. Some switches may authenticate only a single device per switch port. This is known as single-supplicant or port-based operation. These switches typically send multicast 802.1X packets to authenticating devices.

Issue 4 August 2006 95

Page 95
Image 95
Avaya 4600 manual 802.1X Pass-Through and Proxy Logoff, 802.1X Supplicant Operation

4600 specifications

The Avaya 4600 series is a line of IP telephones designed for enterprise communication. Known for its robust features and reliability, the 4600 series has been widely adopted in various business environments, from small companies to large corporations.

One of the standout features of the Avaya 4600 series is its support for Voice over Internet Protocol (VoIP). This enables businesses to make voice calls over the internet, which can significantly reduce telecommunications costs. The integration of VoIP technology also allows for seamless communication across different locations, making it ideal for businesses with multiple branches or remote employees.

The design of the Avaya 4600 series phones is user-friendly, featuring a clear display and an intuitive interface. Users can easily navigate through various options, making calls, accessing voicemail, and managing contacts a straightforward task. Many models in the series include customizable soft keys, which allow individuals to tailor the phone's functions to their specific needs. This flexibility is crucial in environments where employees need to quickly adjust their communications settings.

Another key characteristic is the high-quality audio. The Avaya 4600 series incorporates advanced audio technologies that ensure clear and crisp sound quality during calls. This is essential for effective communication, particularly in large meetings or conference calls where clarity is vital.

The Avaya 4600 series also supports various network protocols, including Session Initiation Protocol (SIP), providing compatibility with a wide range of network infrastructures and allowing organizations to choose the system that best fits their needs. This versatility makes the 4600 series an appealing choice for businesses looking to future-proof their communication systems.

Security is a major consideration in any enterprise communication solution, and Avaya has incorporated features in the 4600 series to protect against unauthorized access and cyber threats. Encryption protocols help safeguard call data, ensuring that sensitive business information remains secure.

In terms of deployment, the Avaya 4600 series can be easily integrated into existing networks, as well as managed remotely, which simplifies the installation and maintenance process. This feature is particularly beneficial for large enterprises that require scalability across multiple locations.

Overall, the Avaya 4600 series combines advanced technology, user-friendly design, and comprehensive security measures to provide a reliable and effective communication solution for businesses. As enterprises continue to adapt to a rapidly changing communication landscape, the Avaya 4600 series remains a strong contender for organizations seeking to enhance their telecommunications infrastructure.