Wlan Security - Avaya 3641 Administration Manual

WLAN security

The handsets support the following security methods:
WPA2 Enterprise
The handsets support WPA2 Enterprise, as defined by the Wi-Fi Alliance. The 802.11i
standard based WPA2 provides government-grade security by implementing the
Advanced Encryption Standard (AES) encryption algorithm. The Enterprise version of
WPA2 uses 802.1X authentication, which is a port-based network access control
mechanism using dynamic encryption keys to protect data privacy. The handsets
support two 802.1X authentication methods: EAP-FAST and PEAPv0/MSCHAPv2. Both
of these methods require a RADIUS authentication server on the network and accessible
to the phone. See the
details, see Chapter Three: SIP Integration
Normal 802.1X authentication requires the client to renegotiate its key with the
authentication server on every AP handoff. This renegotiation is a time-consuming
process that negatively affects time-sensitive applications such as voice. Fast AP
handoff methods allow for the part of the key derived from the server to be cached in the
wireless network, thereby shortening the time to renegotiate a secure handoff. The
Wireless Telephone supports two fast AP handoff techniques, Cisco Client Key
Management (CCKM) (only available on Cisco APs) or Opportunistic Key Caching
(OKC). You must configure one of these methods for support on the WLAN to ensure
proper performance of the handset.
WPA and WPA2 Personal
The handset supports WPA and WPA2 Personal, as defined by the Wi-Fi Alliance.
Based on the 802.11i standard, WPA2 provides government-grade security by
implementing the Advanced Encryption Standard (AES) encryption algorithm. WPA is
based on a draft version of the 802.11i standard before it was ratified.WPA uses
Temporal Key Integrity Protocol (TKIP) encryption. The Personal version uses WPA2.
Pre-Shared Key (PSK) allows the use of manually entered keys or passwords to initiate
WPA security.
Cisco Fast Secure Roaming
Cisco's Fast Secure Roaming (FSR) mechanism uses a combination of standards-based
and proprietary security components including Cisco Client Key Management (CCKM),
LEAP authentication, Michael message integrity check (MIC) and Temporal Key Integrity
Protocol (TKIP). FSR provides strong security measures for authentication, privacy and
data integrity along with fast AP handoff on Cisco APs.
WEP
The handset supports Wired Equivalent Privacy (WEP) with both 40-bit and 128-bit
encryption.
Avaya 3641/3645/6120/6140 IP Wireless Handset SIP Administration Guide
System Components
Factors.
Avaya 3641/3645 IP Wireless Handset Overview
section for tested models. For additional
June 2012 11