Name: Cisco 7906G
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Chapter 1 An Overview of the Cisco Unified IP Phone

Understanding Security Features for Cisco Unified IP Phones

1-20

Cisco Unified IP Phone 7906G and 7911G Administration Guide for Cisco Unified CallManager 5.1

OL-11515-01

authenticator in the LAN switch. This capability prevents the IP phone from

having to act as the authenticator, yet allows the LAN switch to authenticate a data

end point prior to accessing the network.

In conjunction with the EAPOL pass-through mechanism, Cisco Unified IP

Phones provide a proxy EAPOL-Logoff mechanism. If the locally attached PC is

disconnected from the IP phone, the LAN switch would not see the physical link

fail, because the link between the LAN switch and the IP phone is maintained. To

avoid compromising network integrity, the IP phone sends an EAPOL-Logoff

message to the switch on behalf of the downstream PC, which triggers the LAN

switch to clear the authentication entry for the downstream PC.

The Cisco Unified IP phones contain an 802.1X supplicant in addition to the

EAPOL pass-through mechanism. This supplicant allows network administrators

to control the connectivity of IP phones to the LAN switch ports. The initial

release of the IP phone 802.1X supplicant implements the EAP-MD5 option for

802.1X authentication.

Required Network Components

Support for 802.1X authentication on Cisco Unified IP Phones requires several

components, including:

• Cisco Unified IP Phone—The phone acts as the 802.1X supplicant, which

initiates the request to access the network.

• Cisco Secure Access Control Server (ACS) (or other third-party

authentication server)—The authentication server and the phone must both be

configured with a shared secret that is used to authenticate the phone.

• Cisco Catalyst Switch (or other third-party switch)—The switch must support

802.1X so it can act as the authenticator and pass the messages between the

phone and the authentication server. When the exchange is completed, the

switch grants or denies the phone access to the network.

Best Practices—Requirements and Recommendations

• Enable 802.1X Authentication—If you want to use the 802.1X standard to

authenticate Cisco Unified IP Phones, make sure that you have properly

configured the other components before enabling it on the phone. See the

“802.1X Authentication and Status” section on page 4-36 for more

information.

Cisco 7906G Administration Guide

Other manuals for Cisco 7906G