Home » Cisco Manuals » Telephony » Cisco 7925G » Manual Viewer

Cisco 7925G Administration Guide - Page 89

Configuring Wireless LAN Security, Authentication Mode, Wireless Encryption

UPC - 882658201943

Add to My Manuals
Save this manual to your list of manuals

Page 89 highlights

Chapter 4 Using the Cisco Unified Wireless IP Phone 7925G Web Pages Configuring Network Profiles Configuring Wireless LAN Security The Cisco Unified Wireless IP Phone 7925G supports many types of authentication. Authentication methods might require a specific encryption method or you can choose between several encryption methods. When configuring a network profile, you can choose one of these authentication methods: • Open-Provides access to all access points without WEP Key authentication/encryption. • Open plus WEP-Provides access to all access points and authentication through the use of one or more WEP Keys at the local access point. • Shared Key plus WEP-Provides shared key authentication through the use of WEP Keys at the local access point. • LEAP- Exchanges a username and cryptographically secure password with a RADIUS server for authentication in the network. LEAP is a Cisco proprietary version of EAP. • EAP-FAST-Exchanges a username and password and with a RADIUS server for authentication in the network. • EAP-TLS-Uses a dynamic session-based WEP key derived from the client adapter and RADIUS server to encrypt data and a client certificate for authentication. It uses PKI to secure communication to the RADIUS authentication server. • PEAP (EAP-MSCHAP V2)-Performs mutual authentication, but does not require a client certificate on the phone. This method uses name and password authentication based on Microsoft MSCHAP V2 authentication. • PEAP with Server Certificate Authentication-The Cisco Unified Wireless IP Phone 7925G can validate the server certificate during the authentication handshakes over an 802.11 wireless link. This functionality is disabled by default and is enabled in Cisco Unified Communications Manager Administration. • Auto (AKM)-Automatic authenticated key management in which the phone selects the AP and type of key management scheme, which includes WPA, WPA2, WPA-Pre-shared key, WPA2-Pre-shared key, or CCKM (which uses a wireless domain server (WDS)). Note When set to AKM mode, the phone uses LEAP for 802.1x type authentication methods (non-Pre-shared key such as WPA, WPA2, or CCKM). AKM mode supports only authenticated key-management types (WPA, WPA2, WPA-PSK, WPA2-PSK, CCKM). The type of authentication and encryption schemes that you are using with your WLAN determine how you set up the authentication, security, and encryption options in the network profiles for the Cisco Unified Wireless IP Phones. Table 4-5 provides a list of supported authentication and encryption schemes that you can configure on the Cisco Unified Wireless IP Phone 7925G. Table 4-5 Authentication and Encryption Configuration Options Authentication Mode Open Open plus WEP Shared Key plus WEP Wireless Encryption None Static WEP Requires WEP Key Static WEP Requires WEP Key Wireless Security Credentials None-access to all APs None-access to all APs Uses shared-key with AP OL-15984-01 Cisco Unified Wireless IP Phone 7925G Administration Guide for Cisco Unified Communications Manager 7.0(1) 4-13

Section	Page
Cisco Unified Wireless IP Phone 7925G Administration Guide for Cisco Unified Communications Manager 7.0(1)	1
Contents	3
Preface	11
Overview	11
Audience	11
Organization	12
Related Documentation	13
Obtaining Documentation and Submitting a Service Request	13
Cisco Product Security Overview	13
Document Conventions	14
Overview of the Cisco Unified Wireless IP Phone 7925G	15
Understanding the Cisco Unified Wireless IP Phone 7925G	15
Bluetooth Technology	16
Handsfree Profile	16
Pairing with Headsets	17
Features Supported on the Cisco Unified Wireless IP Phone 7925G	20
Feature Overview	21
Telephony Features	21
Network Settings Configuration	21
Feature Information for Users	22
Understanding Security Features for Cisco Unified IP Phones	22
Overview of Supported Security Features	24
Understanding Security Profiles	26
Identifying Authenticated, Encrypted, and Protected Phone Calls	26
Establishing and Identifying Protected Calls	27
Security Restrictions	27
Overview of Configuring and Installing the Cisco Unified Wireless IP Phone 7925G	28
Configuring the Cisco Unified Wireless IP Phone 7925G in Cisco Unified Communications Manager	28
Installing the Cisco Unified Wireless IP Phone 7925G	29
Overview of the VoIP Wireless Network	31
Understanding the Wireless LAN	31
Understanding WLAN Standards and Technologies	33
802.11 Standards for WLAN Communications	33
Radio Frequency Ranges	34
802.11 Data Rates, Tx Power, Ranges, and Decibel Tolerances	34
Wireless Modulation Technologies	35
AP, Channel, and Domain Relationships	36
WLANs and Roaming	37
Bluetooth Wireless Technology	38
Pairing Headsets	38
Components of the VoIP Wireless Network	39
Networking Protocols Used with Cisco Unified Wireless IP Phones	39
Interacting with Cisco Unified Wireless APs	41
Associating to APs	42
Voice QoS in a Wireless Network	42
Interacting with Cisco Unified Communications Manager	44
Phone Configuration Files and Profile Files	44
Interacting with the Dynamic Host Configuration Protocol Server	45
Security for Voice Communications in WLANs	46
Authentication Methods	46
Authenticated Key Management	48
Encryption Methods	48
Choosing AP Authentication and Encryption Methods	48
VoIP WLAN Configuration	51
Wireless Network Requirements for VoIP	51
Configuring the Wireless Network for Voice	52
Configuration Tip for Cisco Aironet APs	52
Site Survey Verification	52
Performing a Site Survey Verification	53
Using the Neighbor List Utility	53
Using the Site Survey Utility	54
Setting Up the Cisco Unified Wireless IP Phone 7925G	57
Before You Begin	57
Network Requirements	57
Methods for Adding Phones to Cisco Unified Communications Manager	58
Adding Phones with Auto-Registration	59
Adding Phones with Auto-Registration and TAPS	59
Adding Phones with BAT	60
Adding Phones with Cisco Unified Communications Manager Administration	60
Device Support	61
Safety Information	61
Battery Safety Notices	62
Installing the Cisco Unified Wireless IP Phone 7925G	63
Providing Power to the Phone	63
Installing or Removing the Phone Battery	64
Using the Power Supply to Charge the Phone Battery	67
Using the USB Cable and PC to Charge the Battery	68
Configuring Wireless LAN Settings for the Cisco Unified Wireless IP Phone 7925G	69
Cisco Unified Wireless IP Phone 7925G Web Pages	69
Network Profile Menu on the Cisco Unified Wireless IP Phone 7925G	69
Using a Headset	69
Connecting Headsets	70
Using Bluetooth Wireless Headsets	70
Audio Quality Subjective to the User	71
Using External Devices with Cisco Unified IP Phones	71
Powering On the Cisco Unified Wireless IP Phone 7925G	71
Active and Standby Phone Modes	72
Active Mode	72
Standby Mode	73
Understanding the Phone Startup Process	73
Using the Cisco Unified Wireless IP Phone 7925G Web Pages	77
Setting Up Your PC to Configure the Phones	77
Installing the USB Drivers	78
Configuring the USB LAN on the PC	78
Accessing the Phone Web Page	79
Using the USB Cable to Configure Phones	80
Updating the Phones Remotely	80
Setting Configuration Privileges for the Phone Web Page	80
Accessing the Configuration Web Page for a Phone	81
Summary Information on the Home Web Page	83
Configuring Network Profiles	84
Network Profile Settings	84
Configuring Wireless Settings in a Network Profile	88
Configuring Wireless LAN Security	89
Configuring the Authentication Mode	90
Setting the Wireless Security Credentials	91
Configuring the Username and Password	91
Configuring the Pre-shared Key	91
Setting Wireless Encryption	92
Installing Authentication Certificates for EAP-TLS Authentication	93
Configuring PEAP	98
Configuring IP Network Settings	99
Enabling DHCP	99
Disabling DHCP	100
Configuring the Alternate TFTP Server	100
Configuring Advanced Network Profile Settings	101
Configuring USB Settings	102
Configuring Trace Settings	103
Configuring Wavelink Settings	105
Configuring the Phone Book	105
Importing and Exporting Contacts	106
Importing and Exporting CSV Phone Contact Records	106
Searching the Phone Book Information	108
Updating Phone Book Information	108
Adding a Contact	108
Deleting Contacts	109
Editing Contact Information	109
Assigning A Speed-Dial Hot Key to a Contact Number	109
Using System Settings	110
Viewing Trace Logs	110
Backup Settings for Phone Configuration	110
Using Network Profile Templates	111
Creating a Configuration Template	111
Importing a Configuration Template	113
Upgrading Phone Firmware	113
Changing the Admin Password	114
Viewing the Site Survey Report on the Web	114
Configuring Settings on the Cisco Unified Wireless IP Phone 7925G	119
Accessing Network and Phone Settings	119
Configuring Network Profile Settings	120
Accessing a Network Profile	121
Changing the Profile Name	121
Guidelines for Editing Settings in the Network Profile	122
Changing Network Configuration Settings	122
Configuring DHCP Settings	124
Disabling DHCP	124
Configuring an Alternate TFTP Server	125
Changing the Cisco Discovery Protocol Settings	125
Erasing the Configuration	126
Configuring Wireless Settings for the Network Profile	126
Accessing the WLAN Configuration Menu	126
Changing WLAN Configuration Settings	127
Changing Phone Settings	128
Configuring the Security Certificate on the Phone	130
Changing the USB Configuration	131
Configuring the Phone Using the Wavelink Avalanche Server	133
Before You Begin	133
Best Practices	134
Assigning the Wavelink Server	134
Assigning the Wavelink Server from the Phone	134
Assigning the Wavelink Server using the Phone Web Page	135
Setting Up and Using the Phone CU	135
Assigning Attributes for the Phone	135
Defining Custom Names and Custom Values on the Phone	136
Defining Custom Parameters from the Phone Web Page	136
Installing the Cisco Unified Wireless IP Phone 7925G CU	136
Updating Configuration Files	137
Configuring Profile Settings	138
Configuring USB Settings	141
Configuring Trace Settings	141
Configuring Wavelink Settings	142
Updating the Phone	142
Configuring Features, Templates, Services, and Users	145
Configuring Cisco Unified Wireless IP Phones in Cisco Unified Communications Manager	145
Telephony Features Available for the Phone	146
Specific Configuration Options for the Cisco Unified Wireless IP Phone 7925G	157
Configuring Softkey Templates	160
Softkey Templates for the Cisco Unified Wireless IP Phone 7925G	160
Changing Softkeys in a Template	160
Modifying Phone Button Templates	161
Setting Up Services	161
Configuring Corporate and Personal Directories	162
Configuring Corporate Directories	163
Configuring Personal Directory	163
Adding Users to Cisco Unified Communications Manager	163
Managing the User Options Web Pages	164
Giving Users Access to the User Options Web Pages	164
Specifying Options that Appear on the User Options Web Pages	165
Creating Custom Phone Rings	165
Viewing Security, Device, Model, Status, and Call Statistics Information on the Phone	167
Viewing Security Information	167
Accessing the CTL File Screen	169
Trust List Screen	170
Viewing Device Information	170
Viewing Model Information	173
Viewing the Phone Status Menu	174
Viewing the Status Messages	175
Viewing the Current Configuration	178
Viewing Network Statistics	178
Viewing Call Statistics	180
Viewing Firmware Versions	182
Monitoring the Cisco Unified Wireless IP Phone Remotely	185
Accessing the Web Page for a Phone	185
Summary Information	186
Network Configuration Information	187
Device Information	190
Wireless LAN Statistics	191
Network Statistics	193
Stream Statistics	194
Troubleshooting the Cisco Unified Wireless IP Phone 7925G	197
Resolving Startup and Connectivity Problems	197
Symptom: Incomplete Startup Process	197
Symptom: No Association to Cisco Aironet Access Points	198
Verifying Access Point Settings	198
Symptom: No Registration to Cisco Unified Communications Manager	199
Registering the Phone with Cisco Unified Communications Manager	200
Checking Network Connectivity	200
Verifying TFTP Server Settings	200
Verifying IP Addresses	201
Verifying DNS Settings	201
Verifying Cisco Unified Communications Manager Settings	201
Cisco Unified Communications Manager and TFTP Services are not Running	202
Creating a New Configuration File	203
Resolving Voice Quality and Roaming	204
Symptom: Cisco Unified Wireless IP Phone Resets Unexpectedly	204
Verifying Access Point Settings	204
Identifying Intermittent Network Outages	204
Verifying DHCP Settings	205
Verifying Voice VLAN Configuration	205
Verifying that the Phones Have Not Been Intentionally Reset	205
Eliminating DNS or Other Connectivity Errors	205
Symptom: Audio Problems	206
No Audio During a Connected Call	206
One-Way Audio During a Connected Call	206
Symptom: Improper Roaming and Voice Quality or Lost Connection	207
Voice Quality Deteriorates While Roaming	207
Delays in Voice Conversation While Roaming	207
Phone Loses Connection with Cisco Unified Communications Manager While Roaming	207
Phone Does Not Roam Back to Preferred Band	208
Monitoring the Voice Quality of Calls	208
Using Voice Quality Metrics	209
Troubleshooting Tips	209
General Troubleshooting Information	210
Common Phone Status Messages	210
Troubleshooting Tips for the Cisco Unified Wireless IP Phone 7925G	212
Logging Information for Troubleshooting	213
Using a System Log Server	214
Using the Trace Logs on the Unified IP Phone	214
Erasing the Local Configuration	214
Providing Information to Users By Using a Website	217
How the Cisco Unified Wireless IP Phone Operates	217
How to Care for and Clean the Phone	218
How Users Access the Help System on the Phone	219
How Users Get Copies of Cisco Unified IP Phone Manuals	219
How Users Configure Phone Features and Services	220
How Users Access Voice Messages	220
Supporting International Users	223
Installing the Cisco Unified Communications Manager Locale Installer	223
Support for International Call Logging	224
Physical and Operating Environment Specifications	225
Checklist for Deploying the Cisco Unified Wireless IP Phone 7925G	227
Configuring a Wireless Network	227
Configuration Tip for Cisco Aironet Access Points	228
Configuring QoS Policies	229
Access Point Configuration Settings	229
Controller Settings	229
Switch Configuration	230
Configuring the Cisco Unified Wireless IP Phone 7925G in Cisco Unified Communications Manager	230
Installing the Cisco Unified Wireless IP Phone 7925G	233

Match case Limit results 1 per page

4-13

Cisco Unified Wireless IP Phone 7925G Administration Guide for Cisco Unified Communications Manager 7.0(1)

OL-15984-01

Chapter 4

Using the Cisco Unified Wireless IP Phone 7925G Web Pages

Configuring Network Profiles

Configuring Wireless LAN Security

The Cisco Unified Wireless IP Phone 7925G supports many types of authentication. Authentication

methods might require a specific encryption method or you can choose between several encryption

methods. When configuring a network profile, you can choose one of these authentication methods:

•

Open—Provides access to all access points without WEP Key authentication/encryption.

•

Open plus WEP—Provides access to all access points and authentication through the use of one or

more WEP Keys at the local access point.

•

Shared Key plus WEP—Provides shared key authentication through the use of WEP Keys at the

local access point.

•

LEAP— Exchanges a username and cryptographically secure password with a RADIUS server for

authentication in the network. LEAP is a Cisco proprietary version of EAP.

•

EAP-FAST—Exchanges a username and password and with a RADIUS server for authentication in

the network.

•

EAP-TLS—Uses a dynamic session-based WEP key derived from the client adapter and RADIUS

server to encrypt data and a client certificate for authentication. It uses PKI to secure communication

to the RADIUS authentication server.

•

PEAP (EAP-MSCHAP V2)—Performs mutual authentication, but does not require a client

certificate on the phone. This method uses name and password authentication based on Microsoft

MSCHAP V2 authentication.

•

PEAP with Server Certificate Authentication—The Cisco Unified Wireless IP Phone 7925G can

validate the server certificate during the authentication handshakes over an 802.11 wireless link.

This functionality is disabled by default and is enabled in Cisco Unified Communications Manager

Administration.

•

Auto (AKM)—Automatic authenticated key management in which the phone selects the AP and

type of key management scheme, which includes WPA, WPA2, WPA-Pre-shared key,

WPA2-Pre-shared key, or CCKM (which uses a wireless domain server (WDS)).

Note

When set to AKM mode, the phone uses LEAP for 802.1x type authentication methods (non-Pre-shared

key such as WPA, WPA2, or CCKM). AKM mode supports only authenticated key-management types

(WPA, WPA2, WPA-PSK, WPA2-PSK, CCKM).

The type of authentication and encryption schemes that you are using with your WLAN determine how

you set up the authentication, security, and encryption options in the network profiles for the Cisco

Unified Wireless IP Phones.

Table 4-5

provides a list of supported authentication and encryption

schemes that you can configure on the Cisco Unified Wireless IP Phone 7925G.

Table 4-5

Authentication and Encryption Configuration Options

Authentication Mode

Wireless Encryption

Wireless Security Credentials

Open

None

None—access to all APs

Open plus WEP

Static WEP

Requires WEP Key

None—access to all APs

Shared Key plus WEP

Static WEP

Requires WEP Key

Uses shared-key with AP