802.1X Authentication
The following table provides information about changes to conference security levels depending on the initiator
phone security level, the security levels of participants, and the availability of secure conference bridges.
Table 5: Security Restrictions with Conference Calls
Initiator s phone security
level
Nonsecure
Secure (encrypted or
authenticated)
Secure (encrypted)
Secure (authenticated)
Nonsecure
Nonsecure
Secure (encrypted)
Secure (encrypted)
802.1X Authentication
The following sections describe the 802.1X support on the Cisco Unified IP Phones.
Overview
Cisco Unified IP Phones and Cisco Catalyst switches traditionally use Cisco Discovery Protocol (CDP) to
identify each other and determine parameters such as VLAN allocation and inline power requirements. CDP
does not identify locally attached workstations. Cisco Unified IP Phones provide an EAPOL pass-through
mechanism. This mechanism allows a workstation attached to the Cisco Unified IP Phone to pass EAPOL
messages to the 802.1X authenticator at the LAN switch. The pass-through mechanism ensures that the IP
phone does not act as the LAN switch to authenticate a data endpoint before accessing the network.
Cisco Unified IP Phone
22
Feature used
Security level of
participants
Conference
Encrypted or
authenticated
Conference
At least one member is
nonsecure
Conference
All participants are
encrypted
Conference
All participants are
encrypted or authenticated
cBarge
All participants are
encrypted
Meet Me
Minimum security level
is encrypted
Meet Me
Minimum security level
is authenticated
Meet Me
Minimum security level
is nonsecure
Cisco Unified IP Phone
Results of action
Nonsecure conference
bridge
Nonsecure conference
Nonsecure conference
Secure encrypted level
conference
Secure authenticated level
conference
Conference changes to
nonsecure
Initiator receives the
message Does not
meet Security
Level, and the call
rejected.
Conference accepts
encrypted and
authenticated calls
Only secure conference
bridge available and used
Conference accepts all
calls