WPA2 (802.1x authentication + AES or TKIP encryption)
•
WPA-PSK (Pre-Shared key + TKIP encryption)
•
WPA2-PSK (Pre-Shared key + AES encryption)
•
EAP-FAST (Extensible Authentication Protocol – Flexible Authentication via Secure Tunneling)
•
EAP-TLS (Extensible Authentication Protocol – Transport Layer Security)
•
PEAP (Protected Extensible Authentication Protocol) MS-CHAPv2
•
LEAP (Lightweight Extensible Authentication Protocol)
•
CCKM (Cisco Centralized Key Management)
•
Open
•
Shared Key
•
WLAN Encryption
AES (Advanced Encryption Scheme)
•
TKIP / MIC (Temporal Key Integrity Protocol / Message Integrity Check)
•
WEP (Wired Equivalent Protocol) 40/64 and 104/128 bit
•
The Cisco Unified Wireless IP Phone 7925G, 7925G-EX, and 7926G also support the following additional security features.
X.509 Digital Certificates
•
Image authentication
•
Device authentication
•
File authentication
•
Signaling authentication
•
Secure Cisco Unified SRST
•
Media encryption (SRTP)
•
Signaling encryption (TLS)
•
Certificate authority proxy function (CAPF)
•
Secure profiles
•
Encrypted configuration files
•
Settings Access (can limit user access to configuration menus)
•
Locked network profiles
•
Administrator password
•
Extensible Authentication Protocol – Flexible Authentication via Secure
Tunneling (EAP-FAST)
This client server security architecture encrypts EAP transactions within a Transport Level Security (TLS) tunnel between the
access point and the Remote Authentication Dial-in User Service (RADIUS) server such as the Cisco Access Control Server
(ACS).
The TLS tunnel uses Protected Access Credentials (PACs) for authentication between the client (phone) and the RADIUS
server. The server sends an Authority ID (AID) to the client (Cisco Unified Wireless IP Phone 7925G, 7925G-EX, and 7926G),
Cisco Unified Wireless IP Phone 7925G, 7925G-EX, and 7926G Deployment Guide
20