Wireless Security; Extensible Authentication Protocol - Flexible Authentication Via Secure Tunneling (EAP-FAST) - Cisco 7925G Deployment Manual

Unified wireless ip phone

It is recommended to enable only 802.11g (OFDM) data rates (i.e. > 12 Mbps) to avoid engaging in
CTS for 802.11g protection when using Coexistence, which can impact voice quality.
Note: It is highly recommended to use 802.11a if using Bluetooth, because 802.11b/g and Bluetooth both use the 2.4 GHz
frequency, and also because of the above limitations.

Wireless Security

When deploying a wireless LAN, you must provide security. The Cisco Unified Wireless IP Phone 7925G supports the
following wireless security features.
Authentication
WPA (802.1x authentication + TKIP encryption)
WPA2 (802.1x authentication + AES encryption)
WPA-PSK (Pre-Shared key + TKIP encryption)
WPA2-PSK (Pre-Shared key + AES encryption)
EAP-FAST (Extensible Authentication Protocol – Flexible Authentication via Secure Tunneling)
EAP-TLS (Extensible Authentication Protocol – Transport Layer Security)
PEAP (Protected Extensible Authentication Protocol)
LEAP (Lightweight Extensible Authentication Protocol)
CCKM (Cisco Centralized Key Management)
Open and Shared Key
Encryption
AES (Advanced Encryption Standard)
TKIP / MIC (Temporal Key Integrity Protocol / Message Integrity Check)
WEP (40-bit and 128-bit Wired Equivalent Privacy)

Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST)

This client-server security architecture encrypts EAP transactions within a Transport Layer Security (TLS) tunnel between the
access point and the Remote Authentication Dial-in User Service (RADIUS) server, such as the Cisco Access Control Server
(ACS).
The TLS tunnel uses Protected Access Credentials (PACs) for authentication between the client (phone) and the RADIUS
server. The server sends an Authority ID (AID) to the client (phone), which in turn selects the appropriate PAC. The client
(phone) returns a PAC-Opaque to the RADIUS server. The server decrypts the PAC with its master-key. Both end points now
have the PAC key and a TLS tunnel is created. EAP-FAST supports automatic PAC provisioning, but you must enable it on the
RADIUS
To enable EAP-FAST, you must install a certificate.
The Cisco Unified Wireless IP Phone 7925G currently supports only automatic provisioning of the PAC, so enable "Allow
anonymous in-band PAC provisioning" on the RADIUS server as shown below.
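
The PAC exchange described above (server announces its AID, phone selects the PAC, phone returns the PAC-Opaque, server decrypts it with the master key), as an added Python sketch that is not taken from the Cisco guide or from any RADIUS server. The class and function names are hypothetical, and the PAC-Opaque sealing is a standard-library HMAC-SHA256 stand-in assumed for this example, not a real server's PAC-Opaque format.

```python
import hashlib
import hmac
import os

def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class RadiusServer:
    """Hypothetical server: owns the Authority ID (AID) and the master key."""
    def __init__(self, aid: bytes):
        self.aid = aid
        self._master = os.urandom(32)

    def provision_pac(self):
        # Issue a PAC: the PAC key for the phone, plus the same key sealed
        # under the master key as the PAC-Opaque (stand-in sealing, see lead-in).
        pac_key, nonce = os.urandom(32), os.urandom(16)
        sealed = _xor(pac_key, _prf(self._master, b"enc", nonce))
        tag = _prf(self._master, b"mac", nonce + sealed)
        return pac_key, nonce + sealed + tag

    def open_pac(self, opaque: bytes):
        # Check integrity, then decrypt with the master key; None if invalid.
        nonce, sealed, tag = opaque[:16], opaque[16:48], opaque[48:]
        if not hmac.compare_digest(tag, _prf(self._master, b"mac", nonce + sealed)):
            return None
        return _xor(sealed, _prf(self._master, b"enc", nonce))

class Phone:
    """Hypothetical client: keeps one PAC per AID it was provisioned by."""
    def __init__(self):
        self.pacs = {}  # AID -> (PAC key, PAC-Opaque)

def authenticate(server: RadiusServer, phone: Phone) -> str:
    pac = phone.pacs.get(server.aid)      # server sent its AID; phone selects
    if pac is None:
        return "needs-provisioning"       # no PAC for this authority yet
    pac_key, opaque = pac
    recovered = server.open_pac(opaque)   # phone returned the PAC-Opaque
    if recovered is None:
        return "rejected"                 # altered PAC, or one sealed by another key
    # Simulation shortcut: the real protocol never compares keys directly;
    # agreement is proven by the TLS handshake keyed from the PAC key.
    return "tunnel" if hmac.compare_digest(recovered, pac_key) else "rejected"
```

A phone with no PAC for the announced AID returns `needs-provisioning`, which is the case automatic PAC provisioning exists to handle.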
Cisco Unified Wireless IP Phone 7925G Deployment Guide