Ap Authentication And Encryption Options - Cisco 7925G Administration Manual
Unified wireless ip phone
Hide thumbs
Also See for 7925G:
- Administration manual (244 pages) ,
- User manual (176 pages) ,
- Deployment manual (150 pages)
Table of Contents
Advertisement
AP Authentication and Encryption Options
Temporal Key Integrity Protocol (TKIP)
AES
AP Authentication and Encryption Options
Authentication and encryption schemes are set up within the wireless LAN. VLANS are configured in the
network and on the APs and specify different combinations of authentication and encryption. An SSID is
associated with a VLAN and its particular authentication and encryption scheme. In order for wireless client
devices to authenticate successfully, you must configure the same SSIDs with their authentication and encryption
schemes on the APs and on the Cisco Unified Wireless IP Phone.
Some authentication schemes require specific types of encryption. With Open authentication, you can use
static WEP for encryption for added security. But if you are using Shared Key authentication, you must set
static WEP for encryption, and you must configure a WEP key on the phone.
When using Authenticated Key Management (AKM) for the Cisco Unified Wireless IP Phone, you have
several choices for both authentication and encryption setup on the APs with different SSIDs. When the phone
attempts to authenticate, it chooses the AP that advertises the authentication and encryption scheme that the
phone can support. Auto (AKM) mode can authenticate by using WPA, WPA2, WPA Pre-shared key, or
CCKM.
• When using WPA Pre-shared key or WPA2 Pre-shared key, the pre-shared key must be statically
Note
• When using Auto (AKM), encryption options are automatically configured for WPA, WPA2, WPA
• In AKM mode, the phone will authenticate with LEAP if it is configured with WPA, WPA2, or
• The Cisco Unified Wireless IP Phone does not support auto-EAP negotiation; to use EAP-FAST
• If AKM and 802.1x are used, the authentication method is LEAP.
• The Cisco Unified Wireless IP Phone uses network EAP for 802.1x but you can enable open EAP.
The following table provides a list of authentication and encryption schemes configured on the Cisco Aironet
APs supported by the Cisco Unified Wireless IP Phone. The table shows the network configuration option
for the phone that corresponds to the AP configuration.
Cisco Unified Wireless IP Phone 7925G, 7925G-EX, and 7926G Administration Guide
42
WPA uses TKIP encryption that has several improvements over WEP. TKIP provides per-packet key
ciphering and longer initialization vectors (IVs) that strengthen encryption. In addition, a message
integrity check (MIC) ensures that encrypted packets are not being altered. TKIP removes the
predictability of WEP that helps intruders decipher the WEP key.
An encryption method used for WPA2 authentication. This national standard for encryption uses a
symmetrical algorithm that has the same key for encryption and decryption. AES uses Cipher Blocking
Chain (CBC) encryption of 128 bits in size, supporting key sizes of 128, 192, and 256 bits, as a minimum.
set on the phone. These keys must match the keys configured on the AP.
Pre-shared key, WPA2 Pre-shared key, or CCKM.
CCKM key management.
mode, you must specify it.
VoIP Wireless Network
Advertisement
Table of Contents
