Chapter 2
Overview of the VoIP Wireless Network
Some authentication schemes require specific types of encryption. With Open authentication, you have
the option to use static WEP for encryption for added security. But if you are using Shared Key
authentication, you must set static WEP for encryption, and you must configure a WEP key on the phone.
When using Authenticated Key Management (AKM) for the Cisco Unified Wireless IP Phone 7925G,
several choices for both authentication and encryption can be set up on the APs with different SSIDs.
When the phone attempts to authenticate, it chooses the AP that advertises the authentication and
encryption scheme that the phone can support. Auto (AKM) mode can authenticate by using WPA,
WPA2, WPA Pre-shared key, or CCKM.
When using WPA Pre-shared key or WPA2 Pre-shared key, the pre-shared key must be statically
Note
•
set on the phone. These keys must match the keys configured on the AP.
When using Auto (AKM), encryption options are automatically configured for WPA, WPA2, WPA
•
Pre-shared key, WPA2 Pre-shared key, or CCKM.
In AKM mode, the phone will authenticate with LEAP if it is configured with WPA, WPA2, or
•
CCKM key management.
•
The Cisco Unified Wireless IP Phone 7925G does not support auto EAP negotiation; to use
EAP-FAST mode, you must specify it.
•
If AKM and 802.1x are used, the authentication method is LEAP.
•
The Cisco Unified Wireless IP Phone 7925G uses network EAP for 802.1x but you can enable open
EAP.
Table 2-7
supported by the Cisco Unified Wireless IP Phone 7925G. The table shows the network configuration
option for the phone that corresponds to the AP configuration.
Table 2-7
Cisco AP Configuration
Authentication
Open
Open (Static WEP)
Shared key (Static WEP)
LEAP
802.1x
LEAP
WPA
LEAP
WPA2
EAP-FAST
802.1x
EAP-FAST with WPA
Cisco Unified Wireless IP Phone 7925G Administration Guide for Cisco Unified Communications Manager 7.0(1)
OL-15984-01
provides a list of authentication and encryption schemes configured on the Cisco Aironet APs
Authentication and Encryption Schemes
Key
Management
Optional CCKM
WPA with
Optional CCKM
WPA2
Optional CCKM
WPA
Optional CCKM
Security for Voice Communications in WLANs
Cisco Unified Wireless
IP Phone 7925G Configuration
Common
Encryption
Authentication
None
Open
WEP
Open+WEP
WEP
Shared+WEP
WEP
LEAP or Auto (AKM)
TKIP
LEAP or Auto (AKM)
AES
LEAP or Auto (AKM)
WEP
EAP-FAST
TKIP
EAP-FAST
2-19