Home » Cisco Manuals » Telephony » Cisco 7921G » Manual Viewer

Cisco 7921G Administration Guide - Page 45

Cisco AP Configuration, Cisco Unified Wireless, IP Phone 7921G Security Mode, Configuration - wpa2

UPC - 882658123108

Add to My Manuals
Save this manual to your list of manuals

Page 45 highlights

Chapter 2 Overview of the VoIP Wireless Network Security for Voice Communications in WLANs Some authentication schemes require specific types of encryption. With Open authentication, you have the option to use static WEP for encryption for added security. But if you are using Shared Key authentication, you must set static WEP for encryption, and you must configure a WEP key on the phone. When using Authenticated Key Management (AKM) for the Cisco Unified Wireless IP Phone 7921G, several choices for both authentication and encryption can be set up on the APs with different SSIDs. When the phone attempts to authenticate, it chooses the AP that advertises the authentication and encryption scheme that the phone can support. Auto (AKM) mode can authenticate by using WPA, WPA2, WPA Pre-shared key, or CCKM. Note • When using WPA Pre-shared key or WPA2 Pre-shared key, the pre-shared key must be statically set on the phone. These keys must match the keys configured on the AP. • When using Auto (AKM), encryption options are automatically configured for WPA, WPA2, WPA Pre-shared key, WPA2 Pre-shared key, or CCKM. • In AKM mode, the phone will authenticate with LEAP if it is configured with WPA, WPA2, or CCKM key management. • The Cisco Unified Wireless IP Phone 7921G does not support auto EAP negotiation; to use EAP-FAST mode, you must specify it. • If AKM and 802.1x are used, the authentication method is LEAP. • The Cisco Unified Wireless IP Phone 7921G uses network EAP for 802.1x. Open EAP is also available. Table 2-6 provides a list of authentication and encryption schemes configured on the Cisco Aironet APs supported by the Cisco Unified Wireless IP Phone 7921G. The table shows the network configuration option for the phone that corresponds to the AP configuration. Table 2-6 Authentication and Encryption Schemes Cisco AP Configuration Authentication Open Open (Static WEP) Shared key (Static WEP) LEAP 802.1x LEAP WPA LEAP WPA2 EAP-FAST 802.1x EAP-FAST WPA EAP-FAST WPA2 EAP-TLS 802.1x Key Management Optional CCKM WPA with Optional CCKM WPA2 Optional CCKM WPA with Optional CCKM WPA2 Optional CCKM Common Encryption None WEP WEP WEP TKIP AES WEP TKIP AES WEP Cisco Unified Wireless IP Phone 7921G Security Mode Configuration Authentication Open Open+WEP Shared+WEP LEAP or Auto (AKM) LEAP or Auto (AKM) LEAP or Auto (AKM) EAP-FAST EAP-FAST EAP-FAST EAP-TLS OL-15985-01 Cisco Unified Wireless IP Phone 7921G Administration Guide for Cisco Unified Communications Manager Release 7.0 2-17

Section	Page
Cisco Unified Wireless IP Phone 7921G Administration Guide for Cisco Unified Communications Manager 7.0	1
Contents	3
Preface	11
Overview	11
Audience	11
Organization	11
Related Documentaton	12
Obtaining Documentation and Submitting a Service Request	13
Cisco Product Security Overview	13
Document Conventions	14
Overview of the Cisco Unified Wireless IP Phone 7921G	15
Understanding the Cisco Unified Wireless IP Phone 7921G	15
Features Supported on the Cisco Unified Wireless IP Phone 7921G	18
Feature Overview	19
Configuring Telephony Features	19
Configuring Network Access for the Phone	19
Providing Users with Feature Information	20
Understanding Security Features for Cisco Unified IP Phones	21
Overview of Supported Security Features	22
Understanding Security Profiles	24
Identifying Encrypted and Authenticated Phone Calls	25
Security Restrictions	25
Overview of Configuring and Installing the Cisco Unified Wireless IP Phone 7921G	25
Configuring the Cisco Unified Wireless IP Phone 7921G in Cisco Unified Communications Manager	26
Installing the Cisco Unified Wireless IP Phone 7921G	26
Overview of the VoIP Wireless Network	29
Understanding the Wireless LAN	29
Understanding WLAN Standards and Technologies	31
802.11 Standards for WLAN Communications	31
Radio Frequency Ranges	31
Wireless Modulation Technologies	32
AP, Channel, and Domain Relationships	32
WLANs and Roaming	34
Components of the VoIP Wireless Network	35
Networking Protocols Used with Cisco Unified Wireless IP Phones	35
Interacting with Cisco Unified Wireless APs	37
Associating to an AP	38
Voice QoS in a Wireless Network	38
Interacting with Cisco Unified Communications Manager	40
Phone Configuration Files and Profile Files	40
Interacting with the DHCP Server	41
Security for Voice Communications in WLANs	42
Authentication Methods	42
Authenticated Key Management	44
Encryption Methods	44
AP Authentication and Encryption Methods	44
VoIP WLAN Configuration	46
Wireless Network Requirements for VoIP	47
Configuring APs for Voice	47
Configuration Tip for Cisco Aironet APs	48
Site Survey Verification	48
Site Survey Verification Tasks	48
Neighbor List Utility	49
Site Survey Utility	50
Setting Up the Cisco Unified Wireless IP Phone 7921G	51
Before You Begin	51
Network Requirements	51
Methods for Adding Phones to Cisco Unified Communications Manager	52
Adding Phones with Auto-Registration	53
Adding Phones with Auto-Registration and TAPS	53
Adding Phones with BAT	54
Adding Phones with Cisco Unified Communications Manager Administration	54
Safety Information	55
Battery Safety Notices	56
Installing the Cisco Unified Wireless IP Phone 7921G	57
Providing Power to the Phone	57
Installing or Removing the Phone Battery	58
Using the Power Supply to Charge the Phone	59
Using the USB Cable to Charge the Phone	61
Installing and Using the Desktop Charger	63
Using the Desktop Charger to Charge the Phone	64
Battery Charging Times Using the Desktop Charger	64
Configuring Wireless LAN Settings	65
Cisco Unified Wireless IP Phone 7921G Web Pages	65
Network Profile Menu on the Cisco Unified Wireless IP Phone 7921G	65
Using a Headset	65
Audio Quality Subjective to the User	65
Connecting Headsets	66
Using External Devices with Cisco Unified IP Phones	66
Powering On the Cisco Unified Wireless IP Phone 7921G	66
Active and Standby Phone Modes	67
Active Mode	67
Standby Mode	68
Understanding the Phone Startup Process	68
Using the Cisco Unified Wireless IP Phone 7921G Web Pages	71
Setting Up Your PC to Configure the Phones	71
Installing the USB Drivers	72
Configuring the USB LAN on the PC	72
Accessing the Phone Web Page	73
Using the USB Cable to Configure Phones	74
Updating Phones Remotely	74
Setting Configuration Privileges for the Phone Web Page	74
Accessing the Configuration Web Page for a Phone	75
HOME: Summary Web Page	77
Configuring Network Profiles	78
Network Profile Settings	78
Configuring Wireless Settings in a Network Profile	83
Configuring Wireless LAN Security	84
Configuring the Authentication Mode	85
Setting the Wireless Security Credentials	85
Configuring the Username and Password	86
Configuring the Pre-shared Key	86
Setting Wireless Encryption	88
Installing Authentication Certificates for EAP-TLS Authentication	89
Configuring PEAP	94
Configuring IP Network Settings	95
Enabling DHCP	95
Disabling DHCP	96
Configuring the Alternate TFTP Server	96
Configuring Advanced Network Profile Settings	97
Configuring USB Settings	98
Configuring Trace Settings	99
Configuring Wavelink Avalanche Server Settings	101
Configuring the Phone Book	101
Importing and Exporting Contacts	102
Importing and Exporting CSV Phone Contact Records	102
Searching the Phone Book Information	104
Updating Phone Book Information	104
Adding a Contact	104
Deleting Contacts	105
Editing Contact Information	105
Assigning A Speed-Dial Hot Key to a Contact Number	105
Using System Settings	106
Viewing Trace Logs	106
Backup Settings for Phone Configuration	107
Using Network Profile Templates	107
Creating a Configuration Template	108
Importing a Configuration Template	109
Upgrading Phone Firmware	110
Changing the Admin Password	110
Viewing the Site Survey Report on the Web	111
Configuring Settings on the Cisco Unified Wireless IP Phone	115
Accessing Network and Phone Settings	115
Configuring Network Profile Settings	116
Accessing a Network Profile	117
Changing the Profile Name	117
Guidelines for Editing Settings in the Network Profile	118
Changing Network Configuration Settings	118
Configuring DHCP Settings	120
Disabling DHCP	120
Configuring an Alternate TFTP Server	121
Changing the Cisco Discovery Protocol Settings	121
Erasing the Configuration	122
Configuring Wireless Settings for the Network Profile	122
Accessing the WLAN Configuration Menu	122
Changing WLAN Configuration Settings	123
Changing Phone Settings	124
Configuring the Security Certificate on the Phone	126
Changing the USB Configuration	127
Configuring the Phone Using the Wavelink Avalanche Server	129
Before You Begin	129
Best Practices	130
Assigning the Wavelink Avalanche Server	130
Assigning the Wavelink Avalanche Server from the Phone	130
Assigning the Wavelink Avalanche Server using the Phone Web Page	131
Setting Up and Using the Phone Configuration Utility	131
Assigning Attributes for the Phone	131
Defining Custom Names and Custom Values on the Phone	132
Defining Custom Parameters from the Phone Web Page	132
Installing the Cisco Unified Wireless IP Phone 7921G Configuration Utility	133
Updating Configuration Files	133
Configuring Profile Settings	134
Configuring USB Settings	137
Configuring Trace Settings	137
Configuring Wavelink Avalanche Server Settings	138
Updating the Phone	139
Configuring Features, Templates, Services, and Users	141
Configuring Cisco Unified Wireless IP Phones	141
Telephony Features Available for the Phone	142
Product-Specific Configuration Options for the Cisco Unified Wireless IP Phone 7921G	153
Configuring Softkey Templates	156
Softkey Templates for the Cisco Unified Wireless IP Phone 7921G	156
Changing Softkeys in a Template	156
Modifying Phone Button Templates	157
Setting Up Services	157
Configuring Corporate and Personal Directories	158
Configuring Corporate Directories	159
Configuring Personal Directory	159
Adding Users to Cisco Unified Communications Manager Administration	159
Managing the User Options Web Pages	160
Giving Users Access to the User Options Web Pages	160
Specifying Options that Appear on the User Options Web Pages	161
Creating Custom Phone Rings	162
Viewing Security, Device, Model, Status, and Call Statistics Information on the Phone	163
Viewing Security Information	163
Accessing the CTL File Screen	165
Trust List Screen	166
Viewing Device Information	166
Viewing Model Information	169
Viewing the Status Menu	170
Viewing the Status Messages	171
Viewing the Current Configuration	174
Viewing Network Statistics	174
Viewing Call Statistics	176
Viewing Firmware Versions	178
Monitoring the Cisco Unified Wireless IP Phone Remotely	181
Accessing the Web Page for a Phone	181
Wireless LAN Statistics	182
Network Statistics	183
Stream Statistics	185
Troubleshooting the Cisco Unified Wireless IP Phone 7921G	187
Resolving Startup and Connectivity Problems	187
Symptom: Incomplete Startup Process	187
Symptom: No Association to Cisco Aironet Access Points	188
Verifying Access Point Settings	188
Symptom: No Registration with Cisco Unified Communications Manager	189
Registering the Phone with Cisco Unified Communications Manager	190
Checking Network Connectivity	190
Verifying TFTP Server Settings	190
Verifying IP Addresses	191
Verifying DNS Settings	191
Verifying Cisco Unified Communications Manager Settings	191
Cisco Communications Manager and TFTP Services are not Running	192
Creating a New Configuration File	193
Resolving Voice Quality and Roaming Problems	193
Symptom: Cisco Unified Wireless IP Phone Resets Unexpectedly	194
Verifying Access Point Settings	194
Identifying Intermittent Network Outages	194
Verifying DHCP Settings	194
Verifying Voice VLAN Configuration	195
Verifying that the Phones Have Not Been Intentionally Reset	195
Eliminating DNS or Other Connectivity Errors	195
Symptom: Audio Problems	196
No Audio During a Connected Call	196
One-Way Audio During a Connected Call	196
Symptom: Improper Roaming and Voice Quality or Lost Connection	197
Voice Quality Deteriorates While Roaming	197
Delays in Voice Conversation While Roaming	197
Phone Loses Connection with Cisco Unified Communications Manager While Roaming	197
Phone Does Not Roam Back to Preferred Band	198
Monitoring the Voice Quality of Calls	198
Using Voice Quality Metrics	199
Troubleshooting Tips	199
General Troubleshooting Information	200
Common Phone Status Messages	200
Troubleshooting Tips for the Cisco Unified Wireless IP Phone 7921G	201
Logging Information for Troubleshooting	203
Using a System Log Server	203
Using the Trace Logs on the Unified IP Phone	203
Erasing the Local Configuration	204
Providing Information to Users By Using a Website	207
How the Cisco Unified Wireless IP Phone Operates	207
How to Care for and Clean the Phone	208
How Users Access the Help System on the Phone	209
How Users Get Copies of Cisco Unified IP Phone Manuals	209
How Users Configure Phone Features and Services	210
How Users Access Voice Messages	210
Supporting International Users	213
Installing the Cisco Unified Communications Manager Locale Installer	213
Support for International Call Logging	214
Physical and Operating Environment Specifications	215
Checklist for Deploying the Cisco Unified Wireless IP Phone 7921G	217
Configuring the Wireless Network	217
Configuration Tip for Cisco Aironet Access Points	218
Configuring QoS Policies	219
Access Point Configuration Settings	219
Controller Settings	219
Switch Configuration	220
Configuring the Cisco Unified Wireless IP Phone 7921G in Cisco Unified Communications Manager	220
Installing the Cisco Unified Wireless IP Phone 7921G	223

Match case Limit results 1 per page

2-17

Cisco Unified Wireless IP Phone 7921G Administration Guide for Cisco Unified Communications Manager Release 7.0

OL-15985-01

Chapter 2

Overview of the VoIP Wireless Network

Security for Voice Communications in WLANs

Some authentication schemes require specific types of encryption. With Open authentication, you have

the option to use static WEP for encryption for added security. But if you are using Shared Key

authentication, you must set static WEP for encryption, and you must configure a WEP key on the phone.

When using Authenticated Key Management (AKM) for the Cisco Unified Wireless IP Phone 7921G,

several choices for both authentication and encryption can be set up on the APs with different SSIDs.

When the phone attempts to authenticate, it chooses the AP that advertises the authentication and

encryption scheme that the phone can support. Auto (AKM) mode can authenticate by using WPA,

WPA2, WPA Pre-shared key, or CCKM.

Note

•

When using WPA Pre-shared key or WPA2 Pre-shared key, the pre-shared key must be statically

set on the phone. These keys must match the keys configured on the AP.

•

When using Auto (AKM), encryption options are automatically configured for WPA, WPA2, WPA

Pre-shared key, WPA2 Pre-shared key, or CCKM.

•

In AKM mode, the phone will authenticate with LEAP if it is configured with WPA, WPA2, or

CCKM key management.

•

The Cisco Unified Wireless IP Phone 7921G does not support auto EAP negotiation; to use

EAP-FAST mode, you must specify it.

•

If AKM and 802.1x are used, the authentication method is LEAP.

•

The Cisco Unified Wireless IP Phone 7921G uses network EAP for 802.1x. Open EAP is also

available.

Table 2-6

provides a list of authentication and encryption schemes configured on the Cisco Aironet APs

supported by the Cisco Unified Wireless IP Phone 7921G. The table shows the network configuration

option for the phone that corresponds to the AP configuration.

Table 2-6

Authentication and Encryption Schemes

Cisco AP Configuration

Cisco Unified Wireless

IP Phone 7921G Security Mode

Configuration

Authentication

Key

Management

Common

Encryption

Authentication

Open

None

Open

Open (Static WEP)

WEP

Open+WEP

Shared key (Static WEP)

WEP

Shared+WEP

LEAP 802.1x

Optional CCKM

WEP

LEAP or Auto (AKM)

LEAP WPA

WPA with

Optional CCKM

TKIP

LEAP or Auto (AKM)

LEAP WPA2

WPA2

AES

LEAP or Auto (AKM)

EAP-FAST 802.1x

Optional CCKM

WEP

EAP-FAST

EAP-FAST WPA

WPA with

Optional CCKM

TKIP

EAP-FAST

EAP-FAST WPA2

WPA2

AES

EAP-FAST

EAP-TLS 802.1x

Optional CCKM

WEP

EAP-TLS