Encryption Methods - Cisco 7920 - Unified Wireless IP Phone VoIP Administration Manual

For cisco callmanager release 4.0 and 4.1

Hide thumbs Also See for 7920 - Unified Wireless IP Phone VoIP:

Administration manual (216 pages)

User manual (144 pages)

Phone manual (98 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

Table of Contents

Components of the VoIP Wireless Network

Encryption Methods

Cisco Wireless IP Phone 7920 Administration Guide for Cisco CallManager Release 4.0 and 4.1

2-14

Cisco LEAP is a proprietary authentication protocol that requires a

LEAP-compliant RADIUS server. LEAP allows wireless devices to mutually

authenticate by using a username and password through a centralized

RADIUS server user database.

When a Cisco Wireless IP Phone roams from one access point to another, the

next access point requires LEAP authentication, also. The voice stream will

not flow until the LEAP authentication is completed at the next access point

through the centralized RADIUS server.

To reduce the amount of delay between the access point and the RADIUS

server, carefully plan where to locate the RADIUS server. A local RADIUS

server introduces less delay during roaming than a remote RADIUS server.

Small, remote offices can use a RADIUS server on the Cisco access point to

authenticate up to 50 users.

Authenticated Key Management

The following authentication schemes use the RADIUS server to manage

authentication keys:

WiFi Protected Access (WPA)—Uses information on a RADIUS server to

•

derive unique pair-wise keys for authentication. Because these keys are

generated at the centralized RADIUS server, WPA provides more security

than WPA pre-shared keys that are stored on the access point and phone.

Cisco Centralized Key Management (CCKM)—Uses information on a

•

RADIUS server and a wireless domain server (WDS) to manage and

authenticate keys. The WDS creates a cache of security credentials for

CCKM-enabled client devices for fast and secure reauthentication.

With WPA and CCKM, encryption keys are not entered on the phone , but are

automatically derived between the access point and phone. But the LEAP

username and password that are used for authentication must be entered on each

phone.

To ensure that voice traffic is secure, the Cisco Wireless IP Phone 7920 supports

Wired Equivalent Privacy (WEP) and Temporal Key Integrity Protocol (TKIP) for

encryption. When you use either mechanism for encryption, both the signaling

(SCCP) packets and voice (RTP) packets are encrypted between the access point

and the Cisco Wireless IP Phone.

Chapter 2

An Overview of the Wireless Network

OL-7104-01

Table of Contents

Encryption Methods - Cisco 7920 - Unified Wireless IP Phone VoIP Administration Manual

Encryption Methods

Troubleshooting

Related Manuals for Cisco 7920 - Unified Wireless IP Phone VoIP

Related Content for Cisco 7920 - Unified Wireless IP Phone VoIP

Table of Contents