Authenticated Key Management; Encryption Methods - Cisco 8821 Administration Manual

Wireless ip phone

Hide thumbs Also See for 8821:

Manual (202 pages)

User manual (116 pages)

Accessory manual (30 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

Table of Contents

Authentication Methods

Dynamic WEP with 802.1x authentication and Shared Key authentication are not supported.

Note

For more information about authentication methods, see the "Wireless Security" section in the Cisco Wireless

IP Phone 8821 Series Deployment Guide.

Authenticated Key Management

The following authentication schemes use the RADIUS server to manage authentication keys:

• WPA/WPA2: Uses RADIUS server information to generate unique keys for authentication. Because

these keys are generated at the centralized RADIUS server, WPA/WPA2 provides more security than

WPA pre-shared keys that are stored on the AP and device.

• Cisco Centralized Key Management (CCKM): Uses RADIUS server and a wireless domain server

(WDS) information to manage and authenticate keys. The WDS creates a cache of security credentials

for CCKM-enabled client devices for fast and secure reauthentication.

With WPA/WPA2 and CCKM, encryption keys are not entered on the device, but are automatically derived

between the AP and device. But the EAP username and password that are used for authentication must be

entered on each device.

Encryption Methods

To ensure that voice traffic is secure, the wireless phones support WEP, TKIP, and Advanced Encryption

Standards (AES) for encryption. When these mechanisms are used for encryption, voice Real-Time Transport

Protocol (RTP) packets are encrypted between the AP and the device.

WEP

When WEP is used in the wireless network, authentication happens at the AP through open or shared-key

authentication. The WEP key that is set up on the phone must match the WEP key that is configured

at the AP for successful connections. The phones support WEP keys that use 40-bit encryption or a

128-bit encryption and remain static on the device and AP.

TKIP

WPA and CCKM use TKIP encryption, which has several improvements over WEP. TKIP provides

per-packet key ciphering and longer initialization vectors (IVs) that strengthen encryption. In addition,

a message integrity check (MIC) ensures that encrypted packets are not altered. TKIP removes the

predictability of WEP that helps intruders decipher the WEP key.

AES

An encryption method used for WPA2 authentication. This national standard for encryption uses a

symmetrical algorithm that has the same key for encryption and decryption.

Cisco Wireless IP Phone 8821 and 8821-EX Administration Guide for Cisco Unified Communications Manager

◦ AES (Advanced Encryption Scheme)

◦ TKIP / MIC (Temporal Key Integrity Protocol / Message Integrity Check)

◦ WEP (Wired Equivalent Protocol) 40/64 and 104/128 bit

VoIP Networks

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

Troubleshooting

This manual is also suitable for:

8821-ex

Authenticated Key Management; Encryption Methods - Cisco 8821 Administration Manual

Authenticated Key Management

Encryption Methods

Hide quick links:

Troubleshooting

Related Manuals for Cisco 8821

Related Content for Cisco 8821

This manual is also suitable for:

Table of Contents