Security - Avaya 3641 Installation, Configuration And Administration

terms of voice quality, battery life and call capacity. The WLAN must also support
and enable each of these QoS mechanisms in order to ensure they are utilized. This
option does not require the AVPP Server.
CCXv4
The CCX program allows WLAN client devices operating on Cisco APs to take
advantage of Cisco-specific features. When the CCXv4 operating mode is selected on
the handset, it operates using the required set of Cisco-specific and industry standard
QoS mechanisms. This option does not require the AVPP Server.
1.2

Security

The following security methods are supported by the handset.
WPA2 Enterprise
The handset supports WPA2 Enterprise, as defined by the Wi-Fi Alliance. WPA2,
which is based on the 802.11i standard, provides government-grade security by
implementing the Advanced Encryption Standard (AES) algorithm. The Enterprise
version of WPA2 uses 802.1X authentication, which is a port-based network access
control mechanism using dynamic encryption keys to protect data privacy. Two
802.1X authentication methods are supported on the Wireless IP Telephone, EAP-
FAST and PEAPv0/MSCHAPv2. Both of these methods require a RADIUS
authentication server to be available on the network and accessible to the phone.
Additional details are provided in Section 3.1.
Normal 802.1X authentication requires the client to renegotiate its key with the
authentication server on every AP handoff, which is a time-consuming process that
negatively affects time-sensitive applications such as voice. Fast AP handoff methods
allow for the part of the key derived from the server to be cached in the wireless
network, thereby shortening the time to renegotiate a secure handoff. The Wireless IP
Telephone supports two fast AP handoff techniques: Cisco Client Key Management
(CCKM) (only available on Cisco APs) and Opportunistic Key Caching (OKC). One of
these methods must be configured for support on the WLAN to ensure proper
performance of the handset.
WPA and WPA2 Personal
The handset supports WPA and WPA2 Personal, as defined by the Wi-Fi Alliance.
WPA2, which is based on the 802.11i standard, provides government-grade security
by implementing the Advanced Encryption Standard (AES) algorithm. WPA, which is
based on a draft version of the 802.11i standard before it was ratified, uses Temporal
Key Integrity Protocol (TKIP) encryption. The Personal version uses an authentication
technique called Pre-Shared Key (PSK) that allows the use of manually entered keys
to initiate security.
Cisco Fast Secure Roaming
Cisco's Fast Secure Roaming (FSR) mechanism uses a combination of standards-
based and proprietary security components including Cisco Client Key Management
(CCKM), LEAP authentication, Michael message integrity check (MIC) and Temporal
Key Integrity Protocol (TKIP). FSR provides strong security measures for
authentication, privacy and data integrity on Cisco APs.
Issue 6, January 2011
Avaya 3641/3645 Wireless IP Telephone Overview
37