Cisco 8821 Manual
  1. Manuals
  2. Brands
  3. Cisco Manuals
  4. IP Phone
  5. 8821
  6. Manual

Cisco 8821 Manual

Hide thumbs Also See for 8821:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Administration Manual, User Manual
Cisco Wireless IP Phone 8821 and 8821-EX
Wireless LAN Deployment Guide
The Cisco Wireless IP Phone 8821 and 8821-EX are adaptable for all mobile professionals, from users on the move within an
office environment to nurses and doctors in a healthcare environment to associates working in the warehouse, on the sales floor,
or in a call center. Staff, nurses, doctors, educators, and IT personnel can be easily reached when mobile.
This guide provides information and guidance to help the network administrator deploy the Cisco Wireless IP Phone 8821 and
8821-EX in a wireless LAN environment.

Advertisement

Table of Contents
loading

Related Manuals for Cisco 8821

Summary of Contents for Cisco 8821

  • Page 1 Wireless LAN Deployment Guide The Cisco Wireless IP Phone 8821 and 8821-EX are adaptable for all mobile professionals, from users on the move within an office environment to nurses and doctors in a healthcare environment to associates working in the warehouse, on the sales floor, or in a call center.

  • Page 2: Revision History

    Revision History Date Comments 08/24/16 11.0(2) Release 10/08/16 11.0(2)SR2 Release 02/07/17 11.0(3) Release Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 3: Table Of Contents

    Cisco Wireless LAN Controller and Lightweight Access Points ......................42 802.11 Network Settings .................................. 43 WLAN Settings ....................................55 Controller Settings .................................... 60 Call Admission Control (CAC) ................................ 62 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 4 Wireless LAN Profiles ................................... 115 Cisco Unified Communications Manager Express ..........................124 Product Specific Configuration Options ............................128 Configuring the Cisco Wireless IP Phone 8821 and 8821-EX ......................138 Wi-Fi Profile Configuration ................................138 Automatic Provisioning .................................. 138 Local User Interface ..................................139 Admin Webpage .....................................
  • Page 5 Device Information ..................................194 Network Setup ....................................195 Streaming Statistics ..................................196 Device Logs ....................................197 Capturing a Screenshot of the Phone Display ............................ 199 Additional Documentation ................................... 200 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 6: Cisco Wireless Ip Phone 8821 And 8821-Ex Overview

    Through the use of unlicensed spectrum, and the inability to guarantee the delivery of messages to a WLAN device, the Cisco Wireless IP Phone 8821 and 8821-EX is not intended to be used as a medical device and should not be used to make clinical decisions.

  • Page 7: Site Survey

    (e.g. manufacturing, warehouse, retail). The wireless LAN must be validated to ensure it meets the requirements to deploy the Cisco Wireless IP Phone 8821 and 8821- Signal The cell edge should be designed to -67 dBm where there is a 20-30% overlap of adjacent access points at that signal level.

  • Page 8: Call Control

    Prior to release 11.0 of Cisco Unified Communications Manager Express, the Cisco Wireless IP Phone 8821 and 8821-EX are to utilize the fast track method utilizing the Cisco Unified IP Phone 9971 as the reference model (use 7975 as reference model if needing softkey template support).
  • Page 9 Note: The Cisco Wireless IP Phone 8821 and 8821-EX are supported with the Cisco AP3600 when the internal 802.11a/b/g/n radio is utilized, however is not supported if the 802.11ac module (AIR-RM3000AC) for the Cisco AP3600 is installed. The table below lists the modes that are supported by each Cisco Access Point.
  • Page 10 3700 3800 The Cisco Wireless IP Phone 8821 and 8821-EX are currently supported on the Cisco Meraki MR18, MR24, MR26, MR32, MR34, MR42, MR52, MR53 indoor access point platforms and the Cisco Meraki MR72 outdoor access point platform only. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 11 The Cisco Meraki MR12, MR16, and Z1 access point platforms are not certified for use with Cisco Wireless IP Phone 8821 and 8821-EX deployments. Note: If an access point model is not specifically listed above, then it is not supported.

  • Page 12: Protocols

    Please refer to the following URL for more info on Cisco Wireless LAN over Distributed Antenna Systems. http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1130-ag-series/positioning_statement_c07-565470.html Note: Cisco Access Points with integrated internal antennas (other than the W series) are to be mounted on the ceiling as they have omni-directional antennas and are not designed to be wall mounted.
  • Page 13 120 Mbps (MCS 5) OFDM - 64 QAM -73 dBm 135 Mbps (MCS 6) OFDM - 64 QAM -72 dBm 150 Mbps (MCS 7) OFDM - 64 QAM -72dBm Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 14 58 Mbps (MCS 5) OFDM - 64 QAM -78 dBm 65 Mbps (MCS 6) OFDM - 64 QAM -77 dBm 72 Mbps (MCS 7) OFDM - 64 QAM -75 dBm Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 15: Regulatory

    The Cisco Wireless IP Phone 8821 and 8821-EX will passively scan DFS channels first before engaging in active scans of those channels. If 802.11d is not enabled, then the Cisco Wireless IP Phone 8821 and 8821-EX can attempt to connect to the access point using reduced transmit power.

  • Page 16: Bluetooth

    Hungary (HU) Peru (PE) Note: Compliance information is available on the Cisco Product Approval Status web site at the following URL: http://tools.cisco.com/cse/prdapp/jsp/externalsearch.do?action=externalsearch&page=EXTERNAL_SEARCH Bluetooth The Cisco Wireless IP Phone 8821 and 8821-EX support Bluetooth 3.0 technology allowing for wireless headset communications.

  • Page 17: Languages

    Download the locale packages from the Localization page at the following URL: http://software.cisco.com/download/navigator.html?mdfid=278875240 8821-EX Certifications The Cisco Wireless IP Phone 8821-EX is certified for Canadian Standards Association (CSA) Class I Division 2 and Atmospheres Explosibles (ATEX) Class I Zone 2. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 18: Battery Life

    Battery Life The Cisco Wireless IP Phone 8821 and 8821-EX have a 2060 mAh smart battery. The Cisco Wireless IP Phone 8821 and 8821-EX battery’s capacity will be reduced to 80% after 500 full charging cycles (charging from empty to full).
  • Page 19 XSI messages, or navigating the menus on the phone. Coverage Ensure the Cisco Wireless IP Phone 8821 and 8821-EX remain in a good RF coverage area and is able to maintain a constant connection to the Cisco Unified Communications Manager.

  • Page 20: Phone Care

    On Call Power Save in the Wi-Fi Profile should remain Enabled so the Cisco Wireless IP Phone 8821 and 8821-EX can utilize U-APSD. If On Call Power Save is Disabled, then the Cisco Wireless IP Phone 8821 and 8821-EX will utilize active mode when on call, but still use U-APSD when in idle.
  • Page 21 • Multicharger For more information, refer to the Cisco Wireless IP Phone 8821 Series Accessory Guide at this URL: http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cuipph/8821/english/accessories/w88x_b_wireless-ip-phone-882x- accessory.html Party Accessories Only the 3 party accessories listed below are certified for use with the Cisco Wireless IP Phone 8821 and 8821-EX.

  • Page 22: Wireless Lan Design

    Need to ensure there is at least 20 percent overlap with adjacent channels when deploying the Cisco Wireless IP Phone 8821 and 8821-EX in an 802.11a/n/ac environment, which allows for seamless roaming. For critical areas, it is recommended to increase the overlap (30% or more) to ensure that there can be at least 2 access points available with -67 dBm or better, while the Cisco Wireless IP Phone 8821 and 8821-EX also meet the access point’s receiver sensitivity (required signal level for the...

  • Page 23: Ghz (802.11B/G/N)

    Having many 5 GHz channels enabled in the wireless LAN can delay discovery of new access points. 2.4 GHz (802.11b/g/n) In general, it is recommended for access points to utilize automatic channel selection instead of manually assigning channels to access points. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 24: Signal Strength And Coverage

    Signal Strength and Coverage To ensure acceptable voice quality, the Cisco Wireless IP Phone 8821 and 8821-EX should always have a signal of -67 dBm or higher when using 5 GHz or 2.4 GHz, while the Cisco Wireless IP Phone 8821 and 8821-EX also meet the access point’s receiver sensitivity required signal level for the transmitted data rate.
  • Page 25 802.11a/n/ac for voice and use 802.11b/g/n for data. However there are products that also utilize the non-licensed 5 GHz frequency (e.g. 5.8 GHz cordless phones, which can impact UNII-3 channels). Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 26 The Cisco Unified Network Control System (NCS) can be utilized to verify signal strength and coverage. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 27: Data Rates

    The Cisco Wireless IP Phone 8821 and 8821-EX both have a single antenna, therefore it supports up to MCS 7 data rates for 802.11n (up t to 150 Mbps) and up to MCS 9 data rates for 802.11ac (up to 433 Mbps).

  • Page 28: Rugged Environments

    It is crucial that line of sight to the access point’s antennas is maximized by minimizing any obstructions between the Cisco Wireless IP Phone 8821 or 8821-EX and the access point. Ensure that the access point and/or antennas are not mounted behind any obstruction or on or near a metal or glass surface.
  • Page 29 Need to ensure that DSCP values are preserved throughout the wired network, so that the WMM UP tag for voice, video, and call control frames can be set correctly. Beamforming If using Cisco 802.11n capable access points, then Beamforming (ClientLink) should be enabled, which can help with client reception. Multipath Multipath occurs when RF signals take multiple paths from a source to a destination.

  • Page 30: Security

    Use of antenna diversity can also help in such environments. Security When deploying a wireless LAN, security is essential. The Cisco Wireless IP Phone 8821 and 8821-EX support the following wireless security features. WLAN Authentication • WPA2 and WPA (802.1x authentication) •...

  • Page 31: Extensible Authentication Protocol - Flexible Authentication Via Secure Tunneling (Eap-Fast)

    The TLS tunnel uses Protected Access Credentials (PACs) for authentication between the client (the Cisco Wireless IP Phone 8821 and 8821-EX) and the RADIUS server. The server sends an Authority ID (AID) to the client, which in turn selects the appropriate PAC.

  • Page 32: Extensible Authentication Protocol - Transport Layer Security (Eap-Tls)

    PAC provisioning is enabled. Ensure that the Cisco Wireless IP Phone 8821 and 8821-EX has connected to the network during the grace period to ensure it can use its existing PAC created either using the active or retired master key in order to get issued a new PAC.
  • Page 33 EAP-TLS may also require a user account to be created on the authentication server matching the common name of the certificate imported into the Cisco Wireless IP Phone 8821 or 8821-EX. It is recommended to use a complex password for this user account and that EAP-TLS is the only EAP type enabled on the RADIUS server.

  • Page 34: Protected Extensible Authentication Protocol (Peap)

    PEAP requires that a user account be created on the authentication server. The authentication server can be validated via importing a certificate into the Cisco Wireless IP Phone 8821 and 8821-EX. For more information on Cisco Secure Access Control System (ACS) and Cisco Identity Services Engine (ISE), refer to the following links.

  • Page 35: Quality Of Service (Qos)

    Enable Differentiated Services Code Point (DSCP) preservation on the Cisco IOS switch. For more information about TCP and UDP ports used by the Cisco Wireless IP Phone 8821 and 8821-EX and the Cisco Unified Communications Manager, refer to the Cisco Unified Communications Manager TCP and UDP Port Usage document at this URL: http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/port/10_0_1/CUCM_BK_T537717B_00_tcp-port-usage-guide-...

  • Page 36: Traffic Classification (Tclas)

    If the AP sends an ADDTS successful message then the Cisco Wireless IP Phone 8821 or 8821-EX establishes the call. If the access point rejects the call and the Cisco Wireless IP Phone 8821 or 8821-EX has no other access point to roam to, then the phone will display Network Busy.

  • Page 37: Wired Qos

    Note: When using the Cisco Wireless LAN Controller, DSCP trust must be implemented or must trust the UDP data ports used by the Cisco Wireless LAN Controller (CAPWAP = UDP 5246 and 5247) on all interfaces where wireless packets will traverse to ensure QoS markings are correctly set.

  • Page 38: Roaming

    RSSI, which results in seamless roaming (no voice interruptions). For seamless roaming to occur, the Cisco Wireless IP Phone 8821 and 8821-EX must be associated to an access point for at least 3 seconds, otherwise roams can occur based on packet loss (max tx retransmissions or missed beacons).
  • Page 39 Note: If deploying the Cisco Wireless IP Phone 8821 or 8821-EX into an environment where other Wi-Fi phone models exist but those Wi-Fi phone models do not support 802.11r (FT), then should be able to use that same pre-existing SSID for the Cisco Wireless IP Phone 8821 or 8821-EX, but is recommended to enable 802.11r (FT) utilizing the Over the Air method on top of...

  • Page 40: Interband Roaming

    2.4 GHz having a stronger signal in general assuming the power levels are the same. At power on, the Cisco Wireless IP Phone 8821 and 8821-EX will scan all 2.4 and 5 GHz channels when in Auto mode, then attempt to associate to an access point for the configured network if available.

  • Page 41: Call Capacity

    If proxy ARP is enabled, then the Cisco Wireless IP Phone 8821 and 8821-EX do not have to wake up at DTIM. For optimal battery life and performance, is recommended to set the DTIM period to 2 with a beacon period of 100 ms.

  • Page 42: Multicast

    If there is an associated client that is in power save mode, then all multicast packets will be queued until the DTIM period. The Cisco Wireless IP Phone 8821 and 8821-EX utilize active mode primarily, but if there is an associated client that is in power save mode, then all multicast packets will be queued until the DTIM period.

  • Page 43: 802.11 Network Settings

    802.11 Network Settings It is recommended to have the Cisco Wireless IP Phone 8821 and 8821-EX operate on the 5 GHz band only due to have many channels available and not as many interferers as the 2.4 GHz band has.
  • Page 44 Mbps to be enabled as a mandatory (basic) rate. If 802.11b clients exist, then 11 Mbps should be set as the mandatory (basic) rate and 12 Mbps and higher as supported (optional). Enable CCX Location Measurement. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 45 For releases prior to 7.2.103.0, ClientLink can be enabled globally via the 802.11 Global Parameters section or on individual access points via the access point’s 802.11 radio configuration page. As of release 7.2.103.0, ClientLink is no longer configurable via the Cisco Wireless LAN Controller’s web interface and is only configurable via command line.
  • Page 46 Auto RF (RRM) When using the Cisco Wireless LAN Controller it is recommended to enable Auto RF to manage the channel and transmit power settings. Configure the access point transmit power level assignment method for either 5 or 2.4 GHz depending on which frequency band is to be utilized.
  • Page 47 The 5 GHz channel width can be configured for 20 MHz or 40 MHz if using Cisco 802.11n Access Points and 20 MHz, 40 MHz, or 80 MHz if using Cisco 802.11ac Access Points. It is recommended to utilize the same channel width for all access points.
  • Page 48 This may be necessary if there is an intermittent interferer present in an area. The 5 GHz channel width can be configured for 20 MHz or 40 MHz if using Cisco 802.11n Access Points and 20 MHz, 40 MHz, or 80 MHz if using Cisco 802.11ac Access Points.

  • Page 49: Client Roaming

    Client Roaming The Cisco Wireless IP Phone 8821 and 8821-EX do not utilize the RF parameters in the Client Roaming section of the Cisco Wireless LAN Controller as scanning and roaming is managed independently by the phone itself. EDCA Parameters Set the EDCA profile for Voice Optimized and disable Low Latency MAC for either 5 or 2.4 GHz depending on which...
  • Page 50 Ensure that WMM is enabled and WPA2(AES) is configured in order to utilize 802.11n/ac data rates. The Cisco Wireless IP Phone 8821 and 8821-EX support HT MCS 0 - MCS 7 and VHT MCS 0 - MCS 9 data rates only, but higher MCS rates can optionally be enabled if there are other 802.11n/ac clients utilizing the same band frequency that include...
  • Page 51 (MSDUs) together to reduce the overheads where in turn throughput and capacity can be optimized. Aggregation of MAC Protocol Data Unit (A-MPDU) requires the use of block acknowledgements. It is recommended to adjust the A-MPDU and A-MSDU settings to the following to optimize the experience with the Cisco Wireless IP Phone 8821 and 8821-EX.
  • Page 52 Use the following commands to configure the A-MPDU and A-MSDU settings per the Cisco Wireless IP Phone 8821 and 8821- EX recommendations. In order to configure the 5 GHz settings, the 802.11a network will need to be disabled first, then re-enabled after the changes are complete.
  • Page 53 Priority 5....... Enabled Priority 6....... Disabled Priority 7....... Disabled CleanAir CleanAir should be Enabled when utilizing Cisco Access Points with CleanAir technology in order to detect any existing interferers. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 54 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 55: Wlan Settings

    However, if there is an existing SSID configured to support voice capable Cisco Wireless LAN endpoints already, then that WLAN can be utilized instead. The SSID to be used by the Cisco Wireless IP Phone 8821 and 8821-EX can be configured to only apply to a certain 802.11 radio type (e.g. 802.11a only).
  • Page 56 802.11r (FT) depending on whether 802.1x or PSK is being utilized. To utilize CCKM for fast secure roaming, enable WPA2 policy with AES encryption and 802.1x + CCKM for authenticated key management type. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 57 The WMM policy should be set to Required only if the Cisco Wireless IP Phone 8821 and 8821-EX or other WMM enabled phones will be using this SSID. If there are non-WMM clients existing in the WLAN, it is recommended to put those clients on another WLAN.
  • Page 58 It is recommended to set Re-anchor Roamed Voice Clients to disabled as this can cause brief interruptions with wireless LAN connectivity when a call is terminated after performing an inter-controller roaming. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 59 RF Profile parameters should be used for the access points assigned to the AP Group. On the WLANs tab, select the desired SSIDs and interfaces to map to then select Add. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 60: Controller Settings

    On the APs tab, select the desired access points then select Add APs. Those access points will then reboot. Controller Settings Ensure the Cisco Wireless LAN Controller hostname is configured correctly. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 61 Enable Link Aggregation (LAG) if utilizing multiple ports on the Cisco Wireless LAN Controller. Configure the desired AP multicast mode. If utilizing multicast, then Enable Global Multicast Mode and Enable IGMP Snooping should be enabled. If utilizing layer 3 mobility, then Symmetric Mobility Tunneling should be Enabled.

  • Page 62: Call Admission Control (Cac)

    When multiple Cisco Wireless LAN Controllers are to be in the same mobility group, then the IP address and MAC address of each Cisco Wireless LAN Controller should be added to the Static Mobility Group Members configuration. Call Admission Control (CAC) It is recommended to enable Admission Control Mandatory for Voice and configure the maximum bandwidth and reserved roaming bandwidth percentages for either 5 or 2.4 GHz depending on which frequency band is to be utilized.
  • Page 63 The Cisco Wireless IP Phone 8821 and 8821-EX use TCP for SIP communications, therefore if the channel is busy where another call can not be allowed, then the Cisco Wireless IP Phone 8821 and 8821-EX could potentially lose registration to the Cisco Unified Communications Manager if SIP CAC is enabled.
  • Page 64 Ensure QoS is setup correctly under the configuration, which can be displayed by using the following command. (Cisco Controller) >show wlan <WLAN id> Quality of Service....... Platinum (voice) WMM..........Allowed Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 65: Rf Profiles

    RF Profiles can be created to specify which frequency bands, data rates, RRM settings, etc. a group of access points should use. It is recommended to have the SSID used by the Cisco Wireless IP Phone and 8821 and 8821-EX to be applied to 5 GHz radios only.
  • Page 66 On the RRM tab, the Maximum Power Level Assignment and Minimum Power Level Assignment settings as well as other TPC and Coverage Hole Detection settings can be configured. On the High Density tab, Maximum Clients and Multicast Data Rates can be configured. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 67: Flexconnect Groups

    If utilizing CCKM, then seamless roams can only occur when roaming to access points within the same FlexConnect Group. Multicast Direct In the Media Stream settings, Multicast Direct feature should be enabled. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 68: Qos Profiles

    Configure the four QoS profiles (Platinum, Gold, Silver, Bronze), by selecting 802.1p as the protocol type and set the 802.1p tag for each profile. • Platinum = 5 • Gold = 4 • Silver = 2 • Bronze = 1 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 69 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 70 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 71 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 72: Advanced Settings

    Need to ensure that the advanced EAP settings in the Cisco Wireless LAN Controller are configured per the information below. To view the EAP configuration on the Cisco Wireless LAN Controller, telnet or SSH to the controller and enter the following command.
  • Page 73 EAPOL-Key Max Retries......If using 802.1x or WPA/WPA2, the EAP-Request Timeout on the Cisco Wireless LAN Controller should be set to at least 20 seconds. In later versions of Cisco Wireless LAN Controller software, the default EAP-Request Timeout was changed from 2 to 30 seconds.

  • Page 74: Cisco Meraki Access Points

    CCKM Timestamp Tolerance The default CCKM timestamp tolerance is set to 1000 ms. It is recommended to adjust the CCKM timestamp tolerance to 5000 ms to optimize the Cisco Wireless IP Phone 8821 and 8821-EX roaming experience. (Cisco Controller) >config wlan security wpa akm cckm timestamp-tolerance ? <tolerance>...

  • Page 75: Creating The Wireless Network

    Cisco Meraki access points can be claimed either by specifying the serial number or order number. Once claimed, those Cisco Meraki access points will then be listed in the available inventory. Cisco Meraki access points can be claimed either by selecting Claim on the Create network or Organization > Configure > Inventory pages.
  • Page 76 Once claimed, Cisco Meraki access points can be added to the desired wireless network via the Organization > Configure > Inventory page. Access points can also be added to a wireless network by selecting Add APs on the Wireless > Monitor > Access points page.

  • Page 77: Ssid Configuration

    To create a SSID, select the desired network from the drop-down menu then select Wireless > Configure > SSIDs. It is recommended to have a separate SSID for the Cisco Wireless IP Phone 8821 and 8821-EX; data clients and other type of clients should utilize a different SSID and VLAN.
  • Page 78 If WPA2-Enterprise is enabled where the Cisco Meraki authentication server will be utilized as the RADIUS server, then a user account must be created on the Network-wide > Configure > Users page, which the Cisco Wireless IP Phone 8821 and 8821-EX will be configured to use for 802.1x authentication.
  • Page 79 Phone 8821 and 8821-EX can be configured as necessary. It is recommended to select 5 GHz band only to have the Cisco Wireless IP Phone 8821 and 8821-EX operate on the 5 GHz band due to have many channels available and not as many interferers as the 2.4 GHz band has.

  • Page 80: Radio Settings

    Cisco Meraki access points currently utilize a DTIM period of 1 with a beacon period of 100 ms; which both are non- configurable. On the Wireless > Configure > SSID availability page, the SSID can be broadcasted by setting Visibility to Advertise this SSID publicly.
  • Page 81 Note: Cisco Meraki access points do not support Dynamic Transmit Power Control (DTPC), therefore the Cisco Wireless IP Phone 8821 and 8821-EX will utilize the maximum transmit power supported for the current channel and data rate. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 82: Traffic Shaping

    Once Shape traffic on this SSID has been applied, then select Create a new rule to define Traffic shaping rules. By default, Cisco Meraki access points currently tag voice frames marked with DSCP EF (46) as WMM UP 5 instead of WMM UP 6 and call control frames marked with DSCP CS3 (24) as WMM UP 3 instead of WMM UP 4.

  • Page 83: Cisco Autonomous Access Points

    802.11 Network Settings It is recommended to have the Cisco Wireless IP Phone 8821 and 8821-EX operate on the 5 GHz band only due to have many channels available and not as many interferers as the 2.4 GHz band has.
  • Page 84 This may be necessary if there is an intermittent interferer present in an area. The 5 GHz channel width can be configured for 20 MHz or 40 MHz if using Cisco 802.11n Access Points and 20 MHz, 40 MHz, or 80 MHz if using Cisco 802.11ac Access Points.
  • Page 85 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 86 Mbps to be enabled as a mandatory (basic) rate. If 802.11b clients exist, then 11 Mbps should be set as the mandatory (basic) rate and 12 Mbps and higher as supported (optional). Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 87: Wlan Settings

    However, if there is an existing SSID configured to support voice capable Cisco Wireless LAN endpoints already, then that WLAN can be utilized instead. The SSID to be used by the Cisco Wireless IP Phone 8821 and 8821-EX can be configured to only apply to a certain 802.11 radio type (e.g. 802.11a only).
  • Page 88 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 89 Ensure that Public Secure Packet Forwarding (PSPF) is not enabled for the voice VLAN as this will prevent clients from communicating directly when associated to the same access point. If PSPF is enabled, then the result will be no way audio. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 90 Ensure AES is selected for encryption type. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 91 Configure the RADIUS servers to be used for authentication and accounting. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 92 Wireless Domain Services (WDS) Wireless Domain Services should be utilized in the Cisco Autonomous Access Point environment, which is also required for fast secure roaming. Select one access point to be the primary WDS server and another to be the backup WDS server.
  • Page 93 For the native VLAN, it is recommended to not use VLAN 1 to ensure that IAPP packets are exchanged successfully. Port security should be disabled on switch ports that Cisco Autonomous Access Points are directly connected to. Server groups for Wireless Domain Services must be defined.
  • Page 94 Then, define the server group to be used for client authentication. Will need to ensure that all access points with Wireless Domain Services enabled are configured in the RADIUS server. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 95 Define the user account in which access points will be configured for to authenticate to the Wireless Domain Services enabled access point. Configure local RADIUS on each access point participating in Wireless Domain Services. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 96 If using a single WDS server, then can specify the IP address of the WDS server; otherwise enable Auto Discovery. Enter the Username and Password to be used to authenticate to the WDS server. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 97: Call Admission Control (Cac)

    WDS server. Call Admission Control (CAC) Load-based CAC and support for multiple streams are not present on the Cisco Autonomous Access Points therefore it is not recommended to enable CAC on Cisco Autonomous Access points.

  • Page 98: Qos Policies

    The Cisco Autonomous Access Point only allows for 1 stream and the stream size is not customizable, therefore SRTP and barge will not work if CAC is enabled. If enabling Admission Control for Voice or for Video on the Cisco Autonomous Access Point, the admission must be unblocked on the SSID as well.
  • Page 99 To enable QBSS, select Enable and check Dot11e. If Dot11e is checked, then both CCA versions (802.11e and Cisco version 2) will be enabled. Ensure IGMP Snooping is enabled. Ensure Wi-Fi MultiMedia (WMM) is enabled. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 100 If the Stream feature is enabled, ensure that only voice packets are being put into the voice queue. Signaling packets (SIP) should be put into a separate queue. This can be ensured by setting up a QoS policy mapping the DSCP to the correct queue. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 101: Power Management

    To enable Proxy ARP, set Client ARP Caching to Enable. Also ensure that Forward ARP Requests to Radio Interfaces When Not All Client IP Addresses Are Known is checked. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 102: Cisco Autonomous Access Point Sample Configuration

    -0500 -5 0 clock summer-time -0400 recurring no ip source-route no ip cef ip domain name cisco.com ip name-server 10.0.0.30 ip name-server 10.0.0.31 dot11 pause-time 100 dot11 syslog Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 103 <REMOVED> privilege 15 password 7 <REMOVED> class-map match-all _class_Voice0 match ip dscp cs3 class-map match-all _class_Voice1 match ip dscp af41 class-map match-all _class_Voice2 match ip dscp ef policy-map Voice class _class_Voice0 set cos 4 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 104 40-below channel 5180 station-role root dot11 dot11r pre-authentication over-air dot11 dot11r reassociation-time value 1000 dot11 qos class voice local admission-control admit-traffic narrowband max-channel 75 roam-channel 6 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 105 2 spanning-disabled no bridge-group 2 source-learning service-policy input Data service-policy output Data interface GigabitEthernet0.3 encapsulation dot1Q 3 bridge-group 3 bridge-group 3 spanning-disabled no bridge-group 3 source-learning service-policy input Voice Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 106 255 interface BVI1 line con 0 access-class 111 in line vty 0 4 access-class 111 in transport input all sntp server 10.0.0.2 sntp broadcast client Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 107: Configuring Cisco Call Control

    When adding the Cisco Wireless IP Phone 8821 or 8821-EX to the Cisco Unified Communications Manager it must be provisioned using the wireless LAN MAC address. The wireless LAN MAC address of the Cisco Wireless IP Phone 8821 or 8821-EX can be found by navigating to Settings > Phone information > Model information.

  • Page 108: Phone Button Templates

    Phone Button Templates When creating a new Cisco Wireless IP Phone 8821 or 8821-EX, a Phone Button Template must be configured. Custom phone button templates can be created with the option for many different features, which can then be applied on a device or group level.
  • Page 109 The Certificate Authority Proxy Function (CAPF) must be operational in order to utilize a Locally Signed Certificate (LSC) with a security profile. The Cisco Wireless IP Phone 8821 and 8821-EX have a Manufacturing Installed Certificate (MIC), which can be utilized with a security profile as well.

  • Page 110: Sip Profiles

    When creating a new Cisco Wireless IP Phone 8821 or 8821-EX, a SIP Profile must be configured. It is recommended to create a custom SIP Profile for the Cisco Wireless IP Phone 8821 and 8821-EX (do no use the Standard SIP Profile).
  • Page 111 Custom 8821 SIP Profile Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 112 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 113: Common Settings

    Some settings such as Bluetooth can be configured on an enterprise phone, common phone profile or individual phone level. Bluetooth is enabled by default for the Cisco Wireless IP Phone 8821 and 8821-EX. Override common settings can be enabled at either configuration level.

  • Page 114: G.722 And Isac Advertisement

    Advertise G.722 and iSAC Codecs to Disabled. Audio Bit Rates The audio and video bit rate can be configured by creating or editing existing Regions in the Cisco Unified Communications Manager. It is recommended to select G.722 or G.711 for the audio codec.

  • Page 115: Wireless Lan Profiles

    • Prior to creating a Wireless LAN Profile and associating it to a Cisco Wireless IP Phone 8821 and 8821-EX, the Cisco Wireless IP Phone 8821 and 8821-EX should be configured to utilize a security profile in which TFTP encryption is enabled so Wireless LAN Profile data is not passed down to the Cisco Wireless IP Phone 8821 and 8821-EX in clear text via TFTP.
  • Page 116 • Once the security profile has been created, it then needs to be applied to the Cisco Wireless IP Phone 8821 and 8821- EX to enable TFTP encryption for that Cisco Wireless IP Phone 8821 and 8821-EX’ configuration files. •...
  • Page 117 Band, User Modifiable), and Authentication Settings are specified. • Below are Wireless LAN Profile defaults: • Frequency Band = Auto • User Modifiable = Allowed • Authentication Method = EAP-FAST Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 118 Disallowed - The user is unable to change any Wireless LAN settings. • Restricted - The user is only able to change certain Wireless LAN settings (e.g. Username and Password). Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 119 If Provide Shared Credentials is not checked, then the Username and Password will need to be configured locally on the Cisco Wireless IP Phone 8821 and 8821-EX by the admin or user. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 120 • If Provide Shared Credentials is checked, then the specified Username and Password will be utilized for all Cisco Wireless IP Phone 8821 and 8821-EX that utilize this Wireless LAN Profile. • Up to 64 characters can be entered for the Username and Password.
  • Page 121 Select Save once the Wireless LAN Profile configuration is complete. • The Cisco Wireless IP Phone 8821 and 8821-EX do not support the Network Access Profile option. • To create a Wireless LAN Profile Group, navigate to Device > Device Settings > Wireless LAN Profile Group within the Cisco Unified Communications Manager’s Administration interface.
  • Page 122 Select Save once the Wireless LAN Profile Group configuration is complete. • Once the Wireless LAN Profile Group has been created, it can be applied to a Device Pool or an individual Cisco Wireless IP Phone 8821 and 8821-EX. •...
  • Page 123 • To apply a Wireless LAN Profile Group to an individual Cisco Wireless IP Phone 8821 and 8821-EX, navigate to Device > Phone within the Cisco Unified Communications Manager’s Administration interface. • Navigate to the desired Cisco Wireless IP Phone 8821 and 8821-EX, configure the Wireless LAN Profile Group then select Save.

  • Page 124: Cisco Unified Communications Manager Express

    Prior to release 11.0 of Cisco Unified Communications Manager Express, the Cisco Wireless IP Phone 8821 and 8821-EX are to utilize the fast track method utilizing the Cisco Unified IP Phone 9971 as the reference model (use 7975 as reference model if needing softkey template support).
  • Page 125 42 load 8821 sip8821.11-0-3-6 authenticate register olsontimezone America/New_York version 2010o timezone 12 create profile sync 0089201122844265 camera video voice register dn 1 number 1101 name 8821-1 label 1101 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 126 60 life 86400 requests 10000 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 127 0 4 privilege level 15 transport input telnet ssh line vty 5 15 privilege level 15 transport input telnet ssh scheduler allocate 20000 1000 ntp source GigabitEthernet0/0 ntp server 10.0.0.2 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 128: Product Specific Configuration Options

    Wireless IP Phone 8821 and 8821-EX. For a description of these options, click ? at the top of the configuration page. Product specific configuration options can be configured in bulk via the Bulk Admin Tool if using Cisco Unified Communications Manager.
  • Page 129 Features, such as QRT (Quality Report Tool), will not function properly without access to the phones web pages. This setting will also affect any serviceability application such as CiscoWorks that Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 130 This parameter controls the behavior of the "Send" (green) key when it is pressed. If On-hook Dialing is selected, then the phone will remain on-hook. If Off-hook Dialing is selected, then phone sends an off-hook message. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 131 Absence of pfs or base, pfs will be set to the default value 0 and base will be set to the default value 7. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 132 It is recommended to utilize the SHA256 fingerprint, which can be obtained via OpenSSL (e.g. openssl x509 -in rootca.cer -noout -sha256 - fingerprint) or using a Web Browser to inspect the certificate details. Enter the 64 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 133 Codec negotiation involves two steps: first, the phone must advertise the supported codec(s) to the Cisco Unified CallManager (not all endpoints support the same set of codecs). Second, when the Cisco Unified CallManager gets the list of supported codecs from all phones involved in the call attempt, it chooses a commonly-supported codec based on various factors, including the region pair setting.
  • Page 134 XML Syntax To configure product specific configuration options for the Cisco Wireless IP Phone 8821 and 8821-EX with Cisco Unified Communications Manager Express, add the necessary options under telephony-service. service phone <module> <value> Field Name Module Value Disable Speakerphone disableSpeaker...
  • Page 135 0 = Disabled 1 = Enabled Recording Tone Local Volume recordingToneLocalVolume 0-100 (Default = 100) Recording Tone Remote recordingToneRemoteVolume 0-100 Volume (Default = 50) Recording Tone Duration recordingToneDuration 1-3000 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 136 11 = Volume Level 11 12 = Volume Level 12 13 = Volume Level 13 14 = Volume Level 14 15 = Volume Level 15 Load Server loadServer Up to 256 character string Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 137 PTTH4 = Map to Line 4 PTTH5 = Map to Line 5 PTTH6 = Map to Line 6 For more information on these features, see the Cisco Wireless IP Phone 8821 Series Administration Guide or the Cisco Wireless IP Phone 8821 Series Release Notes. http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cuipph/8821/english/adminguide/w88x_b_wireless-8821-8821ex-admin- guide.html...

  • Page 138: Configuring The Cisco Wireless Ip Phone 8821 And 8821-Ex

    Wi-Fi Profile Configuration To configure the Wi-Fi settings on the Cisco Wireless IP Phone 8821 and 8821-EX, either use the desktop charger or default Wi-Fi profile to connect to a Cisco Unified Communications Manager, use the phone’s admin webpage interface, or use the local user interface and keypad.

  • Page 139: Local User Interface

    Use the 5-way navigation button to navigate to Settings > Wi-Fi, then select the desired profile to configure. • Up to 4 Wi-Fi profiles can be configured. • Then select either Profile name, Network configuration, or WLAN configuration using the 5-way navigation button. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 140 Only Profile 1’s SSID defaults to cisco; others are null. • All profiles default to Security mode = None, 802.11 mode = Auto, and On call power save = Enabled. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 141 Security Mode 802.1x Type Key Management Encryption None None None Static WPA2, WPA AES, TKIP EAP-FAST EAP-FAST WPA2, WPA AES, TKIP EAP-TLS EAP-TLS WPA2, WPA AES, TKIP Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 142 Select Save to save the changes or Cancel to dismiss the changes. Key Style Key Size Characters ASCII 40/64 bit ASCII 104/128 bit 40/64 bit 10 (0-9, A-F) 104/128 bit 26 (0-9, A-F) Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 143 SCEP if wanting to use PEAP with server validation. Server validation is automatically enabled once a server certificate is installed. • Select Save to save the changes or Cancel to dismiss the changes. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 144 If User installed is selected, then will need to have a user certificate installed either manually via the admin webpage or via SCEP. • Server Validation is optional, where Server Certificate can optionally be installed. • Select Save to save the changes or Cancel to dismiss the changes. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 145 • It is recommended to set the frequency band on the Cisco Wireless IP Phone 8821 and 8821-EX to 5 GHz when wanting to utilize the 5 GHz frequency band only, which prevents scanning and potentially roaming to the 2.4 GHz frequency band.
  • Page 146 Select Save to save the changes or Cancel to dismiss the changes. • The current network settings can be cleared by selecting Applications > Admin settings > Reset settings > Network settings. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 147: Admin Webpage

    Admin Webpage The admin webpage interface for the Cisco Wireless IP Phone 8821 and 8821-EX can be accessed via Wi-Fi or USB. • For the Wi-Fi method, the phone is defaulted with SSID = cisco and Security Mode = None.
  • Page 148 For out of box / factory reset, the Admin Password is temporarily set to Cisco. • To create a configuration file to be used for all Cisco Wireless IP Phone 8821 and 8821-EX, browse to the admin webpage of the out of box or factory defaulted Cisco Wireless IP Phone 8821 or 8821-EX.
  • Page 149 • Any pre-existing Server (Root CA) Certificates will be included in the exported configuration. • To apply the exported configuration file, select Backup Settings on the phone’s admin webpage. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 150: Certificate Management

    The Cisco Wireless IP Phone 8821 and 8821-EX will need to be restarted after the template is uploaded. Certificate Management As of the 11.0(2) release for the Cisco Wireless IP Phone 8821 and 8821-EX, X.509 digital certificates can be utilized for EAP- TLS or to enable Server Validation when using PEAP-GTC or PEAP-MSCHAPV2.
  • Page 151 Can set the Date & Time by syncing to the local machine or setting the Date & Time manually. Can utilize either the internal Manufacturing Installed Certificate (MIC) or a custom User Installed certificate to be used as the User Certificate for EAP-TLS. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 152: Manufacturing Installed Certificate

    Enter the Extract password (up to 12 characters), then select Upload. Ensure the CA chain that issued the user certificate is added to the RADIUS server’s trust list. Will need to restart the Cisco Wireless IP Phone 8821 or 8821-EX after all certificates are installed. Server Certificate The root CA certificate that issued the RADIUS server’s certificate must be installed for EAP-TLS or to enable Server...

  • Page 153: Simple Certificate Enrollment Protocol (Scep)

    SCEP is the standard for automatically provisioning and renewing certificates avoiding manual installation and re-installation of certificates on clients. A Cisco IOS Registration Agent (RA) (e.g. Cisco IOS router) can serve as a proxy (e.g. SCEP RA) to the SCEP enabled CA that is to issue certificates.
  • Page 154 CA. The defined fingerprint is used to validate the received certificate. Removing these parameters will disable SCEP. The Cisco Wireless IP Phone 8821 and 8821-EX then sends a SCEP enroll request to the SCEP RA including the phone’s Manufacturing Installed Certificate (MIC) as the Proof of Identity (POI).
  • Page 155 The wizard will detect whether all the required dependencies are installed. If any dependencies are missing, you will be prompted with a dialog box explaining what is missing and requesting your permission to install the dependencies. Click Yes to continue the installation. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 156 Click User Account under Role Services and then click Select User…. • Type in Administrator as the user name, then enter the password. • Enter the Registration Authority information. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 157 • Select Microsoft Strong Cryptographic Provider for Signature Key CSP and Encryption key CSP. • Select 2048 for Key character length. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 158 • Select Install. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 159 • A confirmation page will be displayed if the installation was successful. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 160 (HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Cryptography > MSCEP > EnforcePassword) • SCEP uses the certificate template that is set in the registry for issuing certificates. (HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Cryptography > MSCEP) Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 161 Make sure a correct template is set to the above registries before enrolling the RA to the SCEP server. • After the Cisco RA is enrolled to the SCEP server, admin needs to change the template in the registry (if the user certificate period needs to be shorter than that of the root CA).
  • Page 162 • Configure the Validity Period on the General tab as necessary. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 163 • Configure Subject Name tab as shown below. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 164 • Configure Extensions tab as shown below. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 165 • Configure Algorithm Name, Minimum Key Size, and Request Hash as necessary on the Cryptography tab. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 166 • Enable the newly created template by right clicking Certificate Templates then selecting New > Certificate Template to Issue. • Select SCEP User template. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 167 Use the following guidelines to configure the RADIUS server. • Add the SCEP RA under Network Device and AAA Clients. • Configure the RADIUS shared secret that the SCEP RA is currently configured for. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 168 Create a user account matching the common name of the phone’s Manufacturing Installed Certificate (MIC) with the password set to cisco (e.g. CP-8821-SEPxxxxxxxxxxxx). • Add the Cisco Manufacturing CA chain to the RADIUS trust list as well as any other CA chains utilized for authentication. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 169 Create an Identity Store Sequence to be used for EAP-TLS authentication. • Check Certificate Based, select the newly created Certificate Authentication Profile, and select Internal Users as the additional identity store. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 170 Create an Identity Store Sequence to be used for SCEP authentication. • Check Password Based, select the newly created Certificate Authentication Profile, and select Internal Users as the identity store. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 171 • Create an Authorization Profile to be used for SCEP authorization. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 172 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 173 • Under the RADIUS Attributes tab, add the cisco-av-pair attribute where the Type is set to String and Value is set to pki:cert-application=all. • Create an Access Policy to be used for EAP-TLS authentication. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 174 • For the Access Service for EAP-TLS authentication, need to ensure that EAP-TLS is enabled. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 175 • Under Identity, rules can be defined to match EAP type then determine which identity source to use for authentication. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 176 • Under Identity, rules can be defined to match various conditions then determine which authorization profile to use. • Create an Access Policy to be used for SCEP authentication. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 177 • For the Access Service for SCEP authentication, need to ensure that PAP/ASCII is enabled. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 178 • Under Identity, rules can be defined to match various conditions then determine which identity source to use for authentication. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 179 Under Identity, rules can be defined to match various conditions then determine which authorization profile to use. SCEP RA Configuration Currently only a Cisco IOS router running IOS version 15.1(4)M10 or later is supported as the SCEP RA. Use the following guidelines to configure a Cisco IOS router as a SCEP RA.
  • Page 180 Enter the base 64 encoded Manufacturing CA certificate. End with a blank line or the word quit on a line by itself. -----BEGIN CERTIFICATE----- MIIEZTCCA02gAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMQ4wDAYDVQQKEwVDaXNj bzEZMBcGA1UEAxMQQ2lzY28gUm9vdCBDQSBNMjAeFw0xMjExMTIxMzUwNThaFw0z NzExMTIxMzAwMTdaMDYxDjAMBgNVBAoTBUNpc2NvMSQwIgYDVQQDExtDaXNjbyBN YW51ZmFjdHVyaW5nIENBIFNIQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQD0NktCAjJn3kk98hU7wUVp6QlOFrlItEce6CpbfYpeLdUeZduAo+S0otzT lJwS2BlMhZtacu9vUpfmW9w7nQo9zVT3eyPuhF/6/9TEdVBn75zb5CfV+E6ld+fH nuPiFyBu+HDDJRd373Op+957IdoWyPvD8hHR1HJGFJ3JJKBg0UScL4JCwleu98Xq /yPlAqBhExa7a2/fqSmZA0vZIG1bBfWZY8ZtSeTxKg3eWynV+xElabHqTDMYWf+2 obs4YB5lINTbYgHyRETP6T8Xr6TtD0h3654OUHcW+1meBu/jctluMKppeSjVtrof 5vt+pbkCg0iQAAjsL0qczT3yaNXvAgMBAAGjggGHMIIBgzAOBgNVHQ8BAf8EBAMC AQYwEgYDVR0TAQH/BAgwBgEB/wIBADBcBgNVHSAEVTBTMFEGCisGAQQBCRUBEgAw QzBBBggrBgEFBQcCARY1aHR0cDovL3d3dy5jaXNjby5jb20vc2VjdXJpdHkvcGtp L3BvbGljaWVzL2luZGV4Lmh0bWwwHQYDVR0OBBYEFHrXeZXKu0gruFUU/aPAD7yn D5YZMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly93d3cuY2lzY28uY29tL3NlY3Vy aXR5L3BraS9jcmwvY3JjYW0yLmNybDB8BggrBgEFBQcBAQRwMG4wPgYIKwYBBQUH Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 181 Certificate has the following attributes: Fingerprint MD5: CDE40276 04A28DA8 BDE5DF48 0BC1A8F7 Fingerprint SHA1: 81512B43 16429092 925C6891 701B374 EBD254447 Trustpoint Fingerprint: AE5CDEF2 A633DEF4 1D5A5104 7D6A8BD7 E08B576C Certificate validated - fingerprints matched. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 182 PhoneList group radius aaa session-id common dot11 syslog ip source-route ip cef no ip domain lookup multilink bundle-name authenticated Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 183 92A48275 90A556EF 75CDB1D5 F4515843 32718F0D 50801D1A E08B52E3 285D9A09 77A03344 71BDEDAD 07B3AD0D FFF39EFF 212A8119 52C46CA1 CEBBC1FA CCE2E1C4 0819D3C6 9ED68410 409A3092 2D086DDF 8B44B1A8 BED1302E 0F32CAA8 93206BDE ED514BDA C45AF19D EB2BDB65 C0A547DA 4A4528D0 1E377ADF 285AABD3 FC1E4747 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 184 B1C69135 EF9982E6 5BC60BA6 17DBB8BF 5319CF3E 3793F494 C507D2FD B7AC7499 43D43722 ADC22571 FEF9D0C1 5233023E 5B5EB92F AF35F2A7 A953B7F3 6E228A1F 9D09A2 quit certificate ca 1E2F4A24A762A0A9456EC2983E7F6D1D 308203A5 3082028D A0030201 0202101E 2F4A24A7 62A0A945 6EC2983E 7F6D1D30 Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 185 10.195.19.65 255.255.255.128 duplex auto speed auto media-type rj45 interface GigabitEthernet0/1 no ip address shutdown duplex auto speed auto media-type rj45 ip default-gateway 10.195.19.1 ip forward-protocol nd ip http server Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 186: Certificate Removal

    Bluetooth Settings The Cisco Wireless IP Phone 8821 and 8821-EX include Bluetooth 3.0 support, which enables hands-free communications. To pair a Bluetooth headset to the Cisco Wireless IP Phone 8821 and 8821-EX, follow the instructions below. • Navigate to Settings > Bluetooth.
  • Page 187 Select the Bluetooth device after it is displayed in the list. • The Cisco Wireless IP Phone 8821 and 8821-EX will then attempt to pair will attempt to use the pin code 0000. If unsuccessful, enter the pin code when prompted.

  • Page 188: Upgrading Firmware

    The downloaded phone configuration file is parsed and the device load is identified. The Cisco Wireless IP Phone 8821 or 8821-EX then downloads the firmware files to flash if it is not running the specified image already. The Load Server can be specified as an alternate TFTP server to retrieve firmware files, which is located in the product specific configuration section of Cisco Wireless IP Phone 8821 and 8821-EX within Cisco Unified Communications Manager Administration.

  • Page 189: Troubleshooting

    Troubleshooting WLAN Signal Indicator The WLAN signal indicator is displayed in the upper right hand corner of the main screen when the Cisco Wireless IP Phone 8821 and 8821-EX is connected to an access point. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 190: Neighbor List

    AP name, BSSID, SSID, Channel, RSSI, and CU (Channel Utilization) information will be displayed. WLAN Statistics Wireless statistic information can be viewed locally on the phone under Applications > Admin settings > Status > Wireless statistics. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 191: Call Statistics

    Call statistic information can be viewed locally on the phone under Applications > Admin settings > Status > Call statistics. Status Messages Status messages can be viewed locally on the phone under Applications > Admin settings > Status > Status messages. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 192: Wlan Diagnostics

    AP name, BSSID, SSID, Frequency, Current channel, Last RSSI, Beacon Interval, Data rate, DTIM, Country code, Channel, Power constraint, Power limit, CU, Station count, Admission capacity, WMM, UAPSD, Proxy ARP, CCX, and Access category information will be displayed. Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...

  • Page 193: Restoring Factory Defaults

    A confirmation screen will appear where Reset must be selected to proceed with the factory data reset. If the Cisco Wireless IP Phone 8821 or 8821-EX is not able to boot properly, a factory reset can also be initiated via the following procedure: •...

  • Page 194: Phone Webpages

    Once the LED changes colors, release the * key. • The Cisco Wireless IP Phone 8821 or 8821-EX will then boot using the alternate image for that one time only. Phone Webpages Cisco Wireless IP Phone 8821 and 8821-EX information can be gathered remotely by accessing the phone’s standard or admin webpage interfaces.

  • Page 195: Network Setup

    The Cisco Wireless IP Phone 8821 and 8821-EX provide network setup information, where network and Cisco Unified Communications Manager information is displayed. Browse to the standard web interface (https://x.x.x.x) of the Cisco Wireless IP Phone 8821 or 8821-EX then select Network setup to view this information.

  • Page 196: Streaming Statistics

    Streaming Statistics The Cisco Wireless IP Phone 8821 and 8821-EX provide call statistic information, where MOS, jitter and packet counters are displayed. Browse to the standard web interface (https://x.x.x.x) of Cisco Wireless IP Phone 8821 or 8821-EX then select the necessary menu item under Streaming statistics to view this information.

  • Page 197: Device Logs

    Device Logs Console Logs Console logs, core dumps, status messages, and debug display can be obtained from the web interface of Cisco Wireless IP Phone 8821 or 8821-EX for troubleshooting purposes. Browse to the standard web interface (https://x.x.x.x) of Cisco Wireless IP Phone 8821 or 8821-EX then select the necessary menu item under Device Logs to view this information.
  • Page 198 The Cisco Wireless IP Phone 8821 and 8821-EX provide status message information. Browse to the standard web interface (https://x.x.x.x) of Cisco Wireless IP Phone 8821 or 8821-EX then select the necessary menu item under Status messages to view this information.

  • Page 199: Capturing A Screenshot Of The Phone Display

    IP address of the Cisco Wireless IP Phone 8821 or 8821-EX. At the prompt enter the username and password for the account that the Cisco Wireless IP Phone 8821 or 8821-EX is associated to in Cisco Unified Communications Manager.

  • Page 200: Additional Documentation

    Cisco Wireless IP Phone 8821 Series Software http://software.cisco.com/download/navigator.html?mdfid=284729655 Cisco Unified Communications Manager http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/tsd-products- support-series-home.html Cisco Unified Communications Manager Express http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-express/tsd-products-support- series-home.html Cisco Voice Software http://software.cisco.com/download/navigator.html?mdfid=278875240 Cisco IP Phone Services Application Development Notes http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products- programming-reference-guides-list.html Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 201 Real-Time Traffic over Wireless LAN SRND http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/RToWLAN/CCVP_BK_R7805F20_00_rtowlan-srnd.html Cisco Unified Communications SRND http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products- implementation-design-guides-list.html Cisco Wireless LAN Controller Documentation http://www.cisco.com/c/en/us/support/wireless/5500-series-wireless-controllers/products-installation-and-configuration-guides- list.html Cisco Meraki Wireless LAN Documentation https://meraki.cisco.com/products/wireless Cisco Autonomous Access Point Documentation http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-4-25d-JA/Configuration/guide/cg_12_4_25d_JA.html Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide...
  • Page 202 Cisco and any other company. (0809R) The Bluetooth word mark and logo are registered trademarks owned by Bluetooth SIG, Inc., and any use of such marks by Cisco Systems, Inc., is under license.

This manual is also suitable for:

8821-ex

Table of Contents