Chapter 2 An Overview of the Wireless Network
Components of the VoIP Wireless Network
Cisco Wireless IP Phone 7920 Administration Guide for Cisco CallManager Release 4.0 and 4.1
OL-7104-01
Cisco LEAP is a proprietary authentication protocol that requires a
LEAP-compliant RADIUS server. LEAP allows wireless devices to mutually
authenticate by using a username and password through a centralized
RADIUS server user database.
When a Cisco Wireless IP Phone roams from one access point to another, the
next access point also requires LEAP authentication. The voice stream will
not flow until the LEAP authentication is completed at the next access point
through the centralized RADIUS server.
To reduce the amount of delay between the access point and the RADIUS
server, carefully plan where to locate the RADIUS server. A local RADIUS
server introduces less delay during roaming than a remote RADIUS server.
Small, remote offices can use a RADIUS server on the Cisco access point to
authenticate up to 50 users.
Authenticated Key Management
The following authentication schemes use the RADIUS server to manage
authentication keys:
• WiFi Protected Access (WPA)—Uses information on a RADIUS server to
  derive unique pair-wise keys for authentication. Because these keys are
  generated at the centralized RADIUS server, WPA provides more security
  than WPA pre-shared keys that are stored on the access point and phone.
• Cisco Centralized Key Management (CCKM)—Uses information on a
  RADIUS server and a wireless domain server (WDS) to manage and
  authenticate keys. The WDS creates a cache of security credentials for
  CCKM-enabled client devices for fast and secure reauthentication.
With WPA and CCKM, encryption keys are not entered on the phone, but are
automatically derived between the access point and phone. However, the LEAP
username and password that are used for authentication must be entered on each
phone.
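The following added example (not from the Cisco guide) sketches the standard IEEE 802.11i derivation behind the pairwise keys described above, which goes beyond what the guide spells out: in pre-shared key mode the master key (PMK) is fixed by passphrase and SSID, while with a RADIUS server each authentication yields its own PMK, and in both cases the phone and access point derive the temporal key from it. The MAC addresses, passphrase, SSID, and the random bytes standing in for a RADIUS-derived PMK are constructed sample values.

```python
import hashlib
import hmac
import os

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter, concatenated."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, ap_mac: bytes, phone_mac: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    """512-bit pairwise transient key as used with TKIP, split into its parts."""
    data = (min(ap_mac, phone_mac) + max(ap_mac, phone_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 64)
    return {"kck": ptk[:16],        # integrity key for the handshake messages
            "kek": ptk[16:32],      # wraps the group key
            "tk": ptk[32:48],       # TKIP temporal encryption key
            "mic": ptk[48:64]}      # TKIP Michael MIC keys, 8 bytes per direction

def psk_pmk(passphrase: str, ssid: str) -> bytes:
    """Pre-shared key mode: the PMK depends only on the passphrase and SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

if __name__ == "__main__":
    # Constructed sample values, not taken from the guide.
    ap = bytes.fromhex("001122334455")
    phone = bytes.fromhex("00aabbccdd01")
    # PSK mode: every phone with this passphrase and SSID holds the same PMK.
    shared_pmk = psk_pmk("password", "IEEE")
    # RADIUS mode: random bytes stand in for the PMK one authentication produces.
    session_pmk = os.urandom(32)
    for name, pmk in (("PSK", shared_pmk), ("RADIUS", session_pmk)):
        first = derive_ptk(pmk, ap, phone, os.urandom(32), os.urandom(32))
        again = derive_ptk(pmk, ap, phone, os.urandom(32), os.urandom(32))
        # Fresh nonces give a new temporal key at each (re)association.
        print(name, "PMK", pmk.hex()[:16], "TK differs:", first["tk"] != again["tk"])
```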
Encryption Methods
To ensure that voice traffic is secure, the Cisco Wireless IP Phone 7920 supports
Wired Equivalent Privacy (WEP) and Temporal Key Integrity Protocol (TKIP) for
encryption. When you use either mechanism for encryption, both the signaling
(SCCP) packets and voice (RTP) packets are encrypted between the access point
and the Cisco Wireless IP Phone.