Cisco Centralized Key Management (CCKM)
CCKM is the recommended deployment model for all environment types where frequent roaming occurs.
CCKM enables fast secure roaming and limits the off-network time to keep audio gaps at a minimum when on call.
802.1x authentication is required in order to utilize CCKM.
802.1x without CCKM can introduce delay during roaming due to its requirement for full re-authentication. WPA and WPA2
introduce additional transient keys and can lengthen roaming time.
CCKM centralizes the key management and reduces the number of key exchanges.
When CCKM is utilized, roaming times can be reduced from 400-500 ms to less than 100 ms, where that transition time from
one access point to another will not be audible to the user.
As of the 1.3(4) release, the Cisco Unified Wireless IP Phone 7925G, 7925G-EX, and 7926G support CCKM with WPA2 (AES
or TKIP), WPA (TKIP or AES) and 802.1x (WEP) authentication.
EAP Type
EAP-FAST
EAP-TLS
PEAP
LEAP
AKM
CCKM was not supported with WPA2 in release 1.3(3) or earlier.
WPA Version
WPA
WPA2
EAP and User Database Compatibility
The following chart displays the EAP and database configurations supported by the Cisco Unified Wireless IP Phone 7925G,
7925G-EX, and 7926G.
Database Type
Cisco ACS
Cisco Unified Wireless IP Phone 7925G, 7925G-EX, and 7926G Deployment Guide
Key Management
802.1x, WPA, WPA2
802.1x, WPA, WPA2
802.1x, WPA, WPA2
802.1x, WPA, WPA2
802.1x, WPA, WPA2
Cipher
Supported
TKIP
Yes
AES
1.3(4) and later
TKIP
1.3(4) and later
AES
1.3(4) and later
LEAP
Yes
Encryption
AES, TKIP, WEP (40/64 or 104/128 bit)
AES, TKIP, WEP (40/64 or 104/128 bit)
AES, TKIP, WEP (40/64 or 104/128 bit)
AES, TKIP, WEP (40/64 or 104/128 bit)
AES, TKIP, WEP (40/64 or 104/128 bit)
EAP-FAST
EAP-TLS
(Phase Zero)
Yes
Yes
PEAP
(MS-CHAPv2)
Yes
26