Page 362 of 430 Appendix C: 802.1x Port-based network access control553-3001-368 Standard 7.00 August 2005• Authenticator — the network entry point to which the supplicantphysically connects (typically a Layer 2/3 switch). The authenticator actsas the proxy between the supplicant and the authentication server.The authenticator controls access to the network based on theauthentication status of the supplicant.• Authentication server — performs authentication of the supplicant.AuthorizationIf 802.1x is configured and the IP Phone is physically connected to thenetwork, the IP Phone (supplicant) initiates 802.1x authentication bycontacting the Layer 2/3 switch (authenticator). The IP Phone also initiates802.1x authentication after the Ethernet connection (network interface only)is restored following a network link failure.However, if the phone resets, the IP Phone assumes the Layer 2 link hasremained in service and is authenticated.The IP Phone fails to authorize if the DeviceID and the IP Phone passwordsdo not match the DeviceID and IP Phone password provisioned on theRADIUS Server. The Layer 2 switch (authenticator) locks out the IP Phoneand network access is denied. If this happens during reauthorization, allphone services are lost. The connected PC operates as normal.Enabling and disabling EAPThe following section provides steps to enable and disable EAP on theIP Phone.Procedure 55Enable the 802.1x supplicant1 Reset the phone by disconnecting and reconnecting power.2 When the Nortel logo appears, press each of the soft keys in sequence.For information on configuring the IP Phone 2001, see Procedure 2 onpage 41, “Installing an IP Phone 2001 for the first time using manualconfiguration” on page 41”.
