Huawei IP Phone eSpace
7810&7820&7830&7850&7870&7803X
Administrator Guide
2 Single IP Phone Configuration
Issue 01 (2011-12-31)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
27
1.
A client sends an EAPOL-Start packet to a device.
2.
The device receives the packet and sends an EAP-Request/Identity packet, requesting the
client to send the user name. The device encapsulates frames from the client into a
packet and sends the packet to the authentication server.
3.
The client sends the user name that is contained in the EAP-Response/Identity packet to
the device.
4.
The authentication server searches the database for the user name in the packet and
obtains the corresponding password. The authentication server uses a randomly
generated encryption key to encrypt the password and sends the encryption key to the
device through the Access-Challenge packet.
5.
The device sends the encryption key to the client.
6.
The client receives the EAP-Request/MD5 Challenge packet containing the encryption
key. The client uses the encryption key to encrypt the password, generates an
EAP-Response/MD5 Challenge packet, and sends the packet to the device. The device
sends the packet to the authentication server.
7.
The encryption algorithm is irreversible normally.
8.
The authentication server receives the RADIUS Access-Request packet containing the
encrypted password. It compares the encrypted password and the password encrypted by
the authentication server itself. If they are the same, the server regards that the user is
authorized and sends a RADIUS Access-Accept packet and an EAP-Success packet to
the device.
9.
The device changes the port status and allows the client to access the network. The
device periodically sends a handshake packet to the client to monitor the user status
(online or offline). By default, if the device does not receive a response from the client
after sending two handshake packets, the device takes the user offline, which enables the
device to take the user offline if the user goes offline due to exceptions.
10.
If the user name or password set for the IP phone is incorrect, the device sends a Failure
packet. After authentication fails, the IP phone sends a Start packet to request for
authentication again.
11.
The client sends an EAPOL-Logoff packet to the device for going offline. The device
changes the port status from authorized to unauthorized, and sends an EAP -Failure
packet to the client.
Phone Configuration
1.
Set
802.1X Mode
to
EAP-MD5
, and set
Identity
and
MD5 Password
in the
Advanced
area on the
Network
tab page, as shown in
Figure 2-13
.