Cisco 7925G Series Deployment Manual Download Page 20 | Manualshive

Page: 20 / 111

background image

Cisco Unified Wireless IP Phone 7925G Series Deployment Guide

20

PEAP (MS-CHAPv2) requires that a user account be created on the authentication server.
The authentication server can be validated via importing a certificate into the Cisco Unified Wireless IP Phone 7925G Series.
See the “

Installing Certificates

” section for more information.

Cisco Centralized Key Management (CCKM)

When using 802.1x type authentication, it is recommended to implement CCKM to enable fast roaming. 802.1x can introduce
delay during roaming due to its requirement for full re-authentication. CCKM centralizes the key management and reduces the
number of key exchanges. WPA and WPA2 introduce additional transient keys and can lengthen roaming time.

When CCKM is utilized, roaming times can be reduced from 400-500 ms to less than 100 ms, where that transition time from
one access point to another will not be audible to the user.
As of the 1.3(4) release, the Cisco Unified Wireless IP Phone 7925G Series supports CCKM with WPA2 (AES or TKIP), WPA
(TKIP or AES) and 802.1x (WEP) authentication.

Authentication

Key Management

Encryption

EAP-FAST

802.1x, WPA, WPA2

AES, TKIP, WEP (40 or 128 bit)

EAP-TLS

802.1x, WPA, WPA2

AES, TKIP, WEP (40 or 128 bit)

«
...
18
19
20
21
22
...
»

Summary of Contents for 7925G Series

Page 1: ...etooth headset The Cisco Unified Wireless IP Phone 7925G Series are Bluetooth 2 1 EDR compliant and supports both the headset and handsfree profiles The Cisco Unified Wireless IP Phone 7925G Series are MIL STD 810F Method 516 5 Procedure I compliant The Cisco Unified Wireless IP Phone 7925G is IP54 rated protecting it from dust liquid splashes and moisture where the Cisco Unified Wireless IP Phone...

Page 2: ...eless IP Phone 7925G Series Deployment Guide 2 Revision History Date Comments 10 13 2008 Initial Version 11 17 2009 1 3 3 Release 5 3 2010 1 3 4 Release 8 30 2010 1 3 4 SR2 Release and 7925G EX 12 15 2010 1 4 1 Release ...

Page 3: ...luetooth Profiles 14 Coexistence 802 11b g Bluetooth 15 Wireless Security 15 Extensible Authentication Protocol Flexible Authentication via Secure Tunneling EAP FAST 16 Extensible Authentication Protocol Transport Layer Security EAP TLS 17 Protected Extensible Authentication Protocol PEAP 19 Cisco Centralized Key Management CCKM 20 EAP and User Database Compatibility 21 Voice Security 21 Power Man...

Page 4: ...mic Transmit Power Control DTPC 38 Multipath 39 Verification with Site Survey Tools 40 Cisco 792xG Neighbor List 40 Cisco 792xG Site Survey 40 Configuring Cisco Unified Communications Manager 43 Phone Button Templates 43 Softkey Templates 43 Security Profiles 44 G 722 Advertisement 45 Product Specific Configuration Options 45 Configuring the Cisco Unified Wireless LAN Controller and Access Points ...

Page 5: ...Files to the Cisco 792xG 91 Configuring the Local Phone Book and Speed Dials 91 Increased Font 93 Using Phone Designer 94 IP Phone Services 96 Extensible Markup Language XML 96 Java Mobile Information Device Profile MIDP 97 Troubleshooting 97 Stream Statistics 97 Network Statistics 99 Wireless LAN Statistics 101 Traffic Stream Metrics TSM 101 Phone Logs 102 Trace Modules 103 Trace Levels 104 Radio...

Page 6: ...nel and transmit power to use at the location See the Designing the Wireless LAN for Voice section for more information Refer to the Steps to Success website for additional information http www cisco com go stepstosuccess RF Validation In order to determine if VoWLAN can be deployed the environment must be evaluated to ensure the following items meet Cisco guidelines Signal The cell edge should be...

Page 7: ...o enable Cisco Unified Wireless IP Phone 7925G Series device support Cisco Unified Communications Manager 5 1 or higher requires signed COP files Device packages for Cisco Unified Communications Manager are available at the following location http www cisco com kobayashi sw center sw voice shtml Supported Protocols Supported voice and wireless LAN protocols include these Real Time Protocol RTP G 7...

Page 8: ...ater Recommended 12 4 10b JA3 or later does not apply to 1100 1200 1230 Note VoWLAN is not currently supported in conjunction with outdoor MESH technology 1500 series 3rd party access points are not supported as there is no interoperability testing performed against 3rd party access points ...

Page 9: ...es Yes Yes Yes Yes Yes 1200 Optional Yes Optional No Yes Yes 1230AG Yes Yes Yes No Yes Yes 1240AG Yes Yes Yes No Yes Yes 1250 Yes Yes Yes Yes Yes Yes 1260 Yes Yes Yes Yes No Yes 3500 Yes Yes Yes Yes No Yes Supported Antennas Some of the Cisco Access Points require external antennas Please refer to the following URL for the list of supported antennas and how these external antennas should be mounte...

Page 10: ...WLAN Regulatory Domain and then referencing the Regulatory Domain number in the table below The Cisco Unified Wireless IP Phone 7925G EX is configured like the Cisco Unified Wireless IP Phone 7925G W model which requires an 802 11d enabled access point Use the following tables to identify specific phone versions that support these regulatory domains for use around the world 7925G Part Number Regul...

Page 11: ...uipment and protective systems intended to be used in zoned areas must meet the requirements of the directive Zone 0 and 20 require Category 1 marked equipment zone 1 and 21 required Category 2 marked equipment and zone 2 and 22 required Category 3 marked equipment Zone 0 and 20 are the zones with the highest risk of an explosive atmosphere being present Certification ensures that the equipment is...

Page 12: ...ed Wireless IP Phone 7925G A E P model uses the locally configured regulatory domain If the Cisco Unified Wireless IP Phone 7925G Series A E or P model is taken to another country where the access point uses a different regulatory domain then 802 11d will be required for the Cisco Unified Wireless IP Phone 7925G Series to operate successfully When using 802 11a enable 802 11d to discover which cha...

Page 13: ...externalsearch page EXTERNAL_SEARCH Language Support The Cisco Unified Wireless IP Phone 7925G Series currently supports the following languages Bulgarian English Japanese Serbian Catalan Finnish Korean Slovak Chinese French Norwegian Slovenian Croatian German Polish Spanish Czech Greek Portuguese Swedish Danish Hungarian Romanian Dutch Italian Russian The corresponding locale package must be inst...

Page 14: ...tion for more information on signal requirements Bluetooth The Cisco Unified Wireless IP Phone 7925G Series supports Bluetooth Class 2 technology allowing for wireless headset communications Bluetooth enables low bandwidth wireless connections within a range of 30 feet however it is recommended to keep the Bluetooth device within 10 feet of the phone Up to five headsets can be connected but only t...

Page 15: ...02 11g and Bluetooth transmissions Multicast Audio Multicast audio from Push To Talk PTT Music on Hold MMOH and other applications are not supported when using Coexistence Data Rate Configuration It is recommended to only enable 802 11g OFDM data rates i e 12 Mbps to prevent from engaging in CTS for 802 11g protection when using Coexistence which can impact voice quality Note It is highly recommen...

Page 16: ...ch as the Cisco Access Control Server ACS The TLS tunnel uses Protected Access Credentials PACs for authentication between the client phone and the RADIUS server The server sends an Authority ID AID to the client phone which in turn selects the appropriate PAC The client phone returns a PAC Opaque to the RADIUS server The server decrypts the PAC with its master key Both endpoints now have the PAC ...

Page 17: ...bled When it is time to renew the PAC then authenticated in band PAC provisioning will be used so ensure that Allow authenticated in band PAC provisioning is enabled Ensure that the Cisco Unified Wireless IP Phone 7925G Series has connected to the network during the grace period to ensure it can use its existing PAC created either using the active or retired master key in order to get issued a new...

Page 18: ...anagement Ensure that Certificate CN Comparison is selected when enabling EAP TLS EAP TLS also requires that a user account be created on the authentication server matching the common name of the certificate imported into the Cisco Unified Wireless IP Phone 7925G Series It is recommended to use a complex password for this user account ...

Page 19: ...sible Authentication Protocol PEAP uses server side public key certificates to authenticate clients by creating an encrypted SSL TLS tunnel between the client and the authentication server The ensuing exchange of authentication information is then encrypted and user credentials are safe from eavesdropping MS CHAP v2 is the current supported inner authentication protocol GTC is not supported ...

Page 20: ... during roaming due to its requirement for full re authentication CCKM centralizes the key management and reduces the number of key exchanges WPA and WPA2 introduce additional transient keys and can lengthen roaming time When CCKM is utilized roaming times can be reduced from 400 500 ms to less than 100 ms where that transition time from one access point to another will not be audible to the user ...

Page 21: ... Supported EAP and User Database Compatibility The following chart indicates which EAP and database configurations are supported by the Cisco Unified Wireless IP Phone 7925G Series Database LEAP EAP TLS PEAP MS CHAPv2 EAP FAST Phase Zero ACS Yes Yes Yes Yes Windows SAM Yes No Yes Yes Windows AD Yes Yes Yes Yes LDAP No Yes No No ODBC ACS for Windows only Yes Yes Yes Yes LEAP Proxy RADIUS Server Yes...

Page 22: ...nsions CCX proxy ARP information element the idle battery life will be optimized When on call U APSD PS POLL or active mode can be utilized depending on the Cisco Unified Wireless IP Phone 7925G Series and Access Point configuration To extend on call battery life the Cisco Unified Wireless IP Phone 7925G Series can use U APSD or PS POLL power save methods The Cisco Unified Wireless IP Phone 7925G ...

Page 23: ...dia WMM is disabled which will disable U APSD support or U APSD support is not available on the access point then the Cisco Unified Wireless IP Phone 7925G Series will use PS POLL for power save when in idle mode and when a phone call is active Below is a sample packet sequence when using PS POLL Active Mode If the Call Power Save Mode is set to None then the phone will use active mode and no powe...

Page 24: ...n the access point giving priority to voice RTP and call control SCCP traffic and apply that profile to the desired interfaces Traffic Type DSCP 802 1p WMM UP Voice RTP EF 46 5 6 Call Control SCCP CS3 24 3 4 Be sure that RTP packets have the proper QoS markings and other protocols are not using the same QoS markings Select the Platinum QoS profile for the voice wireless LAN when using Cisco Unifie...

Page 25: ...is allows RTP packets to be placed into the voice queue if those packets are marked correctly when received at the access point level class map match all RTP match ip dscp ef class map match all SCCP match ip dscp cs3 policy map Voice class RTP set cos 6 class SCCP set cos 4 interface dot11radioX service policy input Voice service policy output Voice Configuring Cisco Switch Ports Configure the Ci...

Page 26: ...ust dscp If DSCP markings are not preserved then the below configuration can be used to set the DSCP based on the TCP or UDP port to map RTP and SCCP correctly Ensure the following QoS policy is not applied to an interface where wireless traffic traverses If using non secure SCCP then TCP port 2000 is used TCP port 2443 is used for secure SCCP ip access list extended SCCP permit tcp any eq 2000 an...

Page 27: ...mum PHY rate can be configured for which the phone is to use when Call Admission Control CAC is enabled Enable a data rate that is enabled on the access point Default setting is 12 Mbps Cisco Access Points will only accept a minimum PHY rate of 5 5 6 11 12 or 24 Mbps so ensure that one of these rates are enabled As of the 1 3 3 release the Cisco Unified Wireless IP Phone 7925G Series will auto neg...

Page 28: ...ration and with release 1 3 3 the minimum PHY rate would be adjusted to 11 Mbps automatically even if the phone is configured statically for a minimum PHY rate of 12 Mbps In releases prior to 1 3 3 the minimum PHY rate would have to be changed to 11 Mbps manually from the default of 12 Mbps in order for CAC to work correctly for this deployment configuration There is no support for load based CAC ...

Page 29: ...erly classifies voice packets Without proper classification voice packets will be treated as best effort which will defeat the purpose of TSPEC and QoS in general TCP and UDP port information will be used to set the UP User Priority value The previous method of classification depends upon preservation of DSCP value throughout the network where the DSCP value maps to a particular queue BE BK VI VO ...

Page 30: ...sco Unified Wireless IP Phone 7925G Series to roam from the preferred band to the less preferred band i e roam to 2 4 GHz when configured for Auto a mode all access points in the preferred band must have a signal low enough to match the less preferred band roam threshold and the RSSI differential threshold for roaming must be met In order to roam back to the preferred band there must be at least o...

Page 31: ...abling multicast in the wireless LAN impacts on battery life performance and capacity must be considered The Cisco Unified Wireless IP Phone 7925G Series uses the DTIM period to receive the queued broadcast and multicast packets If there are many packets queued up then they client may have to stay awake longer thus potentially reducing battery life With multicast there is no reliability that the p...

Page 32: ... wireless LANs Lower power on the client provides longer battery life because less power is used by the radio 5 GHz channels overlap their adjacent channel so there should be at least 1 channel of separation for adjacent access points Using Dynamic Frequency Selection DFS on Access Points For autonomous solution access points select Dynamic Frequency Selection DFS to use auto channel selection Whe...

Page 33: ...commended to disable UNII 2 channels 52 64 on the access point to avoid having so many channels enabled Having many 5 GHz channels enabled in the wireless LAN can delay discovery of new access points 2 4 GHz 802 11b g In the 2 4 GHz 802 11b g environment only non overlapping channels must be utilized when deploying VoWLAN Non overlapping channels have 22 MHz of separation and are at least 5 channe...

Page 34: ...verlapping channels with at least 67 dBm signal with the 25 dB SNR to provide redundancy To achieve maximum capacity and throughput the wireless LAN should be designed to 24 Mbps Higher data rates 36 54 Mbps can optionally be enabled Recommended to set the minimum data rate to 11 Mbps or 12 Mbps for 2 4 GHz dependent upon 802 11b client support policy and 12 Mbps for 5 GHz which should also be the...

Page 35: ...ed more than others and that shielding reduces the spread of the energy Microwave energy can impact channel 11 and some microwaves can affect the entire frequency range channels 1 through 11 To avoid microwave interference select channel 1 for use with access points that are located near microwaves Most microwave ovens Bluetooth and frequency hopping devices do not have the same effect on the 5 GH...

Page 36: ...ies Deployment Guide 36 The Cisco Unified WCS can be utilized to verify signal strength and coverage Break Room Microwave Ovens 2450 MHz File Supply Room Stairwells Reinforced Building Area Lab Cubes CEO Office Elevator Shafts Conference Room ...

Page 37: ...on Enabling these rates could potentially increase the number of retries for a data frame Other applications may be able to benefit from having these higher data rates enabled Note Some environments may require that a lower data rate be enabled due to use of legacy clients environmental factors or maximum range is required Set only the lowest data rate enabled as the single basic rate Multicast pa...

Page 38: ... Power Control DTPC should be enabled When using an access point that supports DTPC set the client power to match the local access point power Do not use default setting of Max power for client power on Cisco autonomous access points as that will not advertise DTPC to the client If the access point does not support DTPC then the Cisco Unified Wireless IP Phone 7925G Series will use the highest ava...

Page 39: ... glass etc Avoid mounting access points on these surfaces Below is a list of multipath effects Data Corruption Occurs when multipath is so severe that the receiver is unable to detect the transmitted information Signal Nulling Occurs when the reflected waves arrive exactly out of phase with the main signal and cancel the main signal completely Increased Signal Amplitude Occurs when the reflected w...

Page 40: ...utilized to verify coverage by using the Neighbor List menu By Default the Cisco Unified Wireless IP Phone 7925G Series only scans when the current signal lowers to a certain threshold so only one access point may be visible in the list if configured for auto scan mode To see all access points in the neighbor list menu place a call from the Cisco Unified Wireless IP Phone 7925G Series to a wired I...

Page 41: ...This information can be utilized to confirm access point configuration as well as coverage The neighbor table shows which access points along the column are neighbors of the access points with the strongest signal listed in the row The percentage of time that the access point had the highest RSSI is displayed as well as the RSSI range for that access point when it was observed The access point nam...

Page 42: ...Cisco Unified Wireless IP Phone 7925G Series Deployment Guide 42 ...

Page 43: ...one basis Softkey Templates Custom softkey templates can be created with the option of giving additional feature access or limiting feature access Softkeys are assigned based on the state of the phone on hook connected on hold ring in off hook connected transfer digits after first connected conference ring out off hook with feature remote in use connected no feature The order of the softkeys can a...

Page 44: ... profiles can be utilized to enable authenticated mode or encrypted mode where signaling media and phone configuration file encryption The Certificate Authority Proxy Function CAPF to be operational Each Cisco Unified Wireless IP Phone 7925G Series has a Manufactured Installed Certificate MIC ...

Page 45: ...less IP Phone 7925G Series For more information refer to the Cisco Unified Communications Manager documentation http www cisco com en US products sw voicesw ps556 tsd_products_support_series_home html Product Specific Configuration Options On the IP Phone Configuration page in Cisco Unified Communications Manager Administration the following Cisco Unified Wireless IP Phone 7925G Series configurati...

Page 46: ...s Access Settings Access can be used to limit user access to certain menus i e Network Profiles Web Access This parameter indicates whether the phone will accept connections from a web browser or another HTTP client Web Access can be set to Full where configuration changes can be made remotely or Read Only to provide information but not allowing changes to be made Locked Profiles Individual profil...

Page 47: ...enu that contains configurable items which can optionally be disabled Application Button Activation Timer The activation timer and priority of the application button can also be specified This determines how long the button must be pressed and held to activate Application Button Priority If the priority is low then will only function when the keypad is unlocked and on the home screen Medium priori...

Page 48: ...process Enable this option to troubleshoot file system issues This feature may impact phone performance if it is enabled Minimum Ring Volume This parameter controls the minimum ring volume on the phone This value is set by the administrator and can not be changed by an end user The end user can increase the ring volume but may not decrease the ring volume below the level defined The minimum ring v...

Page 49: ...quence 0 Disabled 1 Enabled Application Button Activation Timer appButtonTimer 0 Disabled 1 5 1 5 seconds Application Button Priority appButtonPriority 0 Low 1 Medium 2 High Out of Range Alert outOfRangeAlert 0 Disabled 1 Beep Once 2 4 Beep every 10 30 60 seconds Scan Mode scanningMode 0 Auto 1 Single AP 2 Continuous Restricted Data Rates restrictDataRates 0 Disabled 1 Enabled Power Off When Charg...

Page 50: ...co Unified Wireless LAN Controller and Access Points When configuring the access points use the following guidelines Set Quality of Service QoS to Platinum Ensure the WMM Policy is set to Allowed or Required Ensure Aironet IE is enabled Disable P2P Peer to Peer Blocking Action Public Secure Packet Forwarding PSPF Disable DHCP Address Assignment Ensure MFP Client Protection is set to disabled or op...

Page 51: ...ve the Cisco Unified Wireless IP Phone 7925G Series operate on the 5 GHz band due to have many channels available and not as many interferers as the 2 4 GHz band has In order to utilize CCKM enable WPA2 policy with AES encryption and 802 1x CCKM for authenticated key management type when the Cisco Unified Wireless IP Phone 7925G Series is running firmware version 1 3 4 or later in order to enable ...

Page 52: ...et QBSS to the client Configure session timeout as necessary It is recommended to extend the timeout to avoid possible interruptions during re authentication i e 86400 Enable Aironet Extensions Aironet IE Ensure P2P Blocking Action should be disabled Disable client exclusion for the voice SSID DHCP Address Assignment should be disabled MFP client protection should be disabled or only set to option...

Page 53: ...cckm admit traffic If the autonomous access point is registered to a WDS Wireless Domain Services server ensure both leap and eap types of authentication are enabled in the WDS configuration wlccp authentication server infrastructure method_Infrastructure wlccp authentication server client mac method_Clients wlccp authentication server client eap method_Clients wlccp authentication server client l...

Page 54: ... In the recent versions Symmetric Mobility Tunneling is enabled by default and non configurable When multiple Cisco Unified Wireless LAN Controllers are to be in the same mobility group then the IP address and MAC address of each Cisco Unified Wireless LAN Controller should be added to the Static Mobility Group Members configuration ...

Page 55: ...t the beacon period to 100ms Ensure DTPC Support is enabled If using 802 11n capable access points ensure ClientLink is enabled Configure 12 Mbps as the mandatory basic rate and 18 24 or 54 Mbps as supported optional rates 36 54 Mbps can optionally be disabled if there are not any applications that can benefit from those rates Enable CCX Location Measurement ...

Page 56: ...bps as supported optional rates assuming that there will not be any 802 11b only clients that will connect to the wireless LAN If there are existing 802 11b clients then 11 Mbps should be set as the mandatory basic rate and 12 24 or 54 Mbps as supported optional 36 54 Mbps can optionally be disabled if there are not any applications that can benefit from those rates Enable CCX Location Measurement...

Page 57: ...Deployment Guide 57 If using 5 GHz ensure that channel 165 is not enabled in the DCA list as the Cisco Unified Wireless IP Phone 7925G Series does not support channel 165 If using 2 4 GHz only channels 1 6 and 11 should be enabled in the DCA list ...

Page 58: ...er 5 or 2 4 GHz depending on which band is to be utilized Other access points enabled can be enabled for Auto RF and workaround the access points that are statically configured This may be necessary if there is an intermittent interferer present in an area Enable ClientLink if using 802 11n capable access points CleanAir should be enabled if using capable access points i e Cisco Aironet 3500 Serie...

Page 59: ...use issues if multiple data rates are enabled LLM is not supported on the Cisco 802 11n access points DFS 802 11h In the DFS 802 11h configuration channel announcement and quite mode should be enabled Power constraint should be left un configured or set to 0 dBm as DTPC will be used by the Cisco Unified Wireless IP Phone 7925G Series to control the transmission power In later versions of the Cisco...

Page 60: ...is 75 where 6 of that bandwidth is reserved for roaming clients Roaming clients are not limited to using the reserved roaming bandwidth but is to reserve some bandwidth in case all other bandwidth is utilized Will want to ensure load based CAC is enabled which is available in the 4 1 release for the Cisco Unified Wireless LAN Controller but not currently available on the autonomous access point pl...

Page 61: ... IP Phone 7925G Series Deployment Guide 61 Call Admission Control for Video should be disabled After enabling Call Admission Control the following configuration should be enabled which can be displayed in the show run config ...

Page 62: ... points therefore it is not recommended to enable CAC on autonomous access points The autonomous access point only allows for 1 stream and the stream size is not customizable therefore SRTP and barge will not work if CAC is enabled dot11 ssid voice vlan 21 authentication open eap eap_methods authentication network eap eap_methods authentication key management wpa cckm admit traffic Also ensure tha...

Page 63: ...255 scale and is CCA based So this gives a true representation on how busy the channel is The max threshold is also defined on the client side which is set to 105 The second version from Cisco is based on the 802 11e version but allows the default max threshold of 105 to be optionally configured Each version of QBSS can be optionally be configured on the access point For the Cisco Unified Wireless...

Page 64: ...recommended to disable the Auto Immune feature on the Cisco Unified Wireless LAN Controller The Auto Immune feature was introduced in the 4 2 176 0 release which was enabled by default and non configurable As of the 4 2 207 0 5 2 193 0 and 6 0 182 0 releases this feature is disabled by default but can be enabled optionally To view the Auto Immune configuration on the Cisco Unified Wireless LAN Con...

Page 65: ... default EAP Request Timeout was changed from 2 to 30 seconds The default timeout on the Cisco ACS server is 20 seconds To view the EAP configuration on the Cisco Unified Wireless LAN Controller telnet or SSH to the controller and enter the following command Cisco Controller show advanced eap EAP Identity Request Timeout seconds 30 EAP Identity Request Max Retries 2 EAP Key Index for Dynamic WEP 0...

Page 66: ...onfig network arpunicast disable As of the 5 1 151 0 release proxy ARP is always enabled and non configurable For autonomous access points enter dot11 arp cache optional Configuring TKIP Countermeasure Holdoff Time TKIP countermeasure mode can occur if the Access Point receives two message integrity check MIC errors within a 60 second period When this occurs the Access Point will de authenticate a...

Page 67: ...mobility is enabled where the Wireless LAN Services Module WLSM is deployed Configuring the Cisco Unified Wireless IP Phone 7925G Series There are three methods for configuring network settings on the Cisco Unified Wireless IP Phone 7925G Series Configuring Phones with the Keypad The network profiles can be configured by navigating to Settings Network Profiles It may be required to unlock the scre...

Page 68: ...n previous releases the Cisco Unified Wireless IP Phone 7925G Series would default to Auto RSSI mode which would attempt to associate to the access point with the strongest signal 802 11a mode will only scan 5 GHz channels and 802 11b g mode will only scan 2 4 GHz channels where it will then attempt to associate to an access point if the configured network is available For Auto a and Auto b g mode...

Page 69: ... 0 9 A F HEX 128 26 0 9 A F The AKM security mode is an auto authentication mode that can use either LEAP for 802 1x authentication or WPA Pre Shared Key If using 802 11i Pre Shared key enter the ASCII or hexadecimal formatted key Pre Shared Key requires that a passphrase be entered in ASCII or hexadecimal format ASCII 8 63 characters HEX 64 characters 0 9 A F AKM mode requires a key management ty...

Page 70: ...HCP or configure static IP information If option 150 or 66 is not configured to provide the TFTP server IP address via the network s DHCP scope then enter the TFTP server IP address info To enable PEAP with server validation select Validate Server Certificate after importing the authentication server certificate When using EAP TLS select either Manufacturing Issued or User Installed for the Client...

Page 71: ...o be configured or enable 12 Mbps on the access point By limiting number of channels to be scanned this can help reduce the time for access point discovery while passively scanning DFS channels in 802 11a mode This can also help preserve battery life If using this feature then only disable those channels that are not used in the wireless LAN If a channel is disabled that is currently used by an ac...

Page 72: ... or for authentication server validation when using PEAP MS CHAPv2 Extensible Authentication Protocol Transport Layer Security EAP TLS is using the TLS protocol with PKI to secure communications to the authentication server TLS provides a way to use certificates for both user and server authentication and for dynamic session key generation EAP TLS provides excellent security but requires client ce...

Page 73: ...mport the certificates into the RADIUS server and enable them in the certificate trust list For the user installed certificate method select Install on the main certificates page which will launch the installation wizard To generate the certificate signing request enter the certificate information and import the certificate from the Certificate Authority CA server that is signing the certificate T...

Page 74: ...yment Guide 74 After Submit is selected the certificate will then be generated The certificate will then be displayed and is now ready to be signed Select all of the certificate data in order to copy it to the Certificate Authority server to be signed ...

Page 75: ...ificate data from the Cisco Unified Wireless IP Phone 7925G Series to the Certificate Authority signing server and submit for signing When the certificate has been signed download the CA certificate in DER encoded format base 64 encoded certificates are not supported Ensure Client Authentication is listed in the Enhanced Key Usage section of the certificate details ...

Page 76: ... The authentication server certificate must also be imported into the Cisco Unified Wireless IP Phone 7925G Series for both the MIC and User Installed methods If the authentication server certificate was signed by a Certificate Authority CA server then that DER encoded root certificate will need to be imported into the Cisco Unified Wireless IP Phone 7925G Series If the Cisco Unified Wireless IP P...

Page 77: ... Series Deployment Guide 77 The Cisco Unified Wireless IP Phone 7925G Series must be restarted after installing the certificate Click on the hyperlink to navigate to the Phone Restart page Click the Restart button to power cycle the phone ...

Page 78: ...security information is to be exported configure the Export Security Credentials option to True After selecting True the Wireless LAN security information will need to be re entered This will then allow that information to be exported and then imported to other Cisco Unified Wireless IP Phone 7925G Series phones Bluetooth Configuration The Cisco Unified Wireless IP Phone 7925G Series supports Blue...

Page 79: ...S docs voice_ip_comm cucm cucos 7_1_2 cucos iptpch7 html During TFTP server download the phone configuration file is parsed and the device load is identified The phone downloads the firmware files to flash if it is not running the specified image already Cisco Unified Communications Manager device load takes precedence over the TFTP firmware version The Load Server can be specified as an alternate...

Page 80: ...e 7925G Series registers to Cisco Unified Communications Manager web access to the Cisco Unified Wireless IP Phone 7925G Series gets set to read only mode In this mode firmware upgrades via the web interface are not allowed Ultimately the Cisco Unified Wireless IP Phone 7925G Series will use what is set as the phone load in the Cisco Unified Communications Manager Wavelink Avalanche The Wavelink A...

Page 81: ...t Guide 81 When clients register with the Wavelink server they will appear in the console To set client properties right click on the client and select Client Settings The Cisco Unified Wireless IP Phone 7925G Series will have parameters enabled by default ...

Page 82: ...7925G Additional properties can be added as necessary for better client management Mobile Device Groups can be created to group clients based on client properties Enter the selection criteria either manually or using the wizard after right clicking on the mobile device group and selecting Settings ...

Page 83: ... Package under the Software Management menu Browse to the 7925G Configuration Utility package file i e 7925CU 1 3 1 AVA Create a software collection to add the package to The license agreement will be displayed after selecting Next Click on Finish when the installation is complete Note The 7925CU must be installed locally on the Wavelink Avalanche server ...

Page 84: ...nt Guide 84 The software package must then be enabled by right clicking on the package and selecting Enable Package Selection collections can also be created with their own selection criteria to determine which clients should receive the software package ...

Page 85: ...ge right click on the package and select 7921CU The 7925G Configuration Utility will then be launched Enter the profile name and enable the profile Configure the network profiles by specifying the Wireless LAN credentials PEAP and EAP TLS are not supported in the Configuration Utility for Wavelink ...

Page 86: ...e 7925G Series Deployment Guide 86 Configure the network settings for the network profile Ensure that Wavelink server enable is set to Yes Configure whether the client will get the Wavelink IP info from DHCP or configured statically ...

Page 87: ...e 7925G Series is intended to help quicken the provisioning and deployment process of many phones when unique 802 1x accounts are used with EAP FAST PEAP MS CHAPv2 or LEAP or if a common set of credentials are used by all phones i e WPA2 PSK or a common 802 1x account The utility allows the creation configuration files which can be exported then enabled for TFTP download by the Cisco Unified Wirel...

Page 88: ...802 11 mode Security Mode WLAN credentials to match the voice WLAN If planning to use unique 802 1x accounts with the Bulk Export method the username and password do not need to be configured as that will be specified in the CSV file By default DHCP is enabled and is the recommended method otherwise would need a template per phone if planning to use static IP addressing An alternate TFTP server ca...

Page 89: ... that is the default template used when the utility opens Phone configuration files can be exported by either the Default Export method or the Bulk Export method If a common set of credentials is to be used by all phones i e WPA2 PSK or a common 802 1x account then use the Default Export method If unique 802 1x accounts are to be deployed then use the Bulk Export method ...

Page 90: ...able config file has been exported successfully The default file will be in the format of WLANDefault xml which the phone does a TFTP get for when it powers on or during re provisioning Bulk Export If needing to deploy the Cisco Unified Wireless IP Phone 7925G Series with unique 802 1x accounts utilizing EAP FAST PEAP or LEAP then select the Bulk Export method The common data entered plus a CSV co...

Page 91: ... point to the TFTP server hosting the phone configuration files It is not recommended to copy the configuration files to the Cisco Communication Manager s TFTP server Once the Cisco Unified Wireless IP Phone 7925G Series gets its configuration file then it will re provision with the new settings and attempt to join the intended WLAN based on the new credentials received The Bulk Deployment Utility...

Page 92: ...P Phone 7925G Series Deployment Guide 92 The phone book data can be exported which can be imported onto other phones XML and CSV formats are supported as well as the CSV format used by the Cisco Unified Wireless IP Phone 7920 ...

Page 93: ...eries Deployment Guide 93 Increased Font As of the 1 4 1 release there are options for default original font or increased font The font size can optionally be configured locally on the phone Settings Phone Settings Display Settings Font Size ...

Page 94: ... 94 Default Font Increased Font Using Phone Designer The Phone Designer application allows the ability to have a customer wallpaper and ringtone for each phone The Cisco Unified Wireless IP Phone 7925G Series is supported in Phone Designer version 7 1 3 and later ...

Page 95: ... Unified Communications Manager and associated to the corresponding phone In order to configure the wallpaper either select a pre defined wallpaper or import a wallpaper from the local computer by selecting Import To display the wallpaper on the phone select Preview on Phone To activate and save the wallpaper to the phone flash select Save to Phone In order to configure the ringtone either select ...

Page 96: ...d in the 1 4 1 release for the Cisco Unified Wireless IP Phone 7925G Series For information on IP phone services configuration refer to the following URL http www cisco com en US docs voice_ip_comm cucm admin 8_0_2 ccmcfg b06phsrv html Extensible Markup Language XML The following document provides the information needed for eXtensible Markup Language XML and X Open System Interface XSI programmers...

Page 97: ... Java Mobile Information Device Profile MIDP programmers and system administrators to develop and deploy IP phone services http developer cisco com web jmapi home Troubleshooting Stream Statistics The Cisco Unified Wireless IP Phone 7925G Series provides call statistic information where MOS jitter and packet counters are displayed DSCP for transmit and receive paths are also displayed which can he...

Page 98: ...Status Call Statistics or if on a phone call press the center button twice For more information see the Troubleshooting the Cisco Unified Wireless IP Phone 7925G Series chapter in the Cisco Unified Wireless IP Phone 7925G Administration Guide at this URL http www cisco com en US products hw phones ps379 prod_maintenance_guides_list html ...

Page 99: ... also be displayed by navigating to Settings Status Network Statistics If on a phone call should see the DataRcvVO counter increasing assuming QoS has been deployed correctly This reflects that voice packets are being properly marked as UP6 VO downstream to the Cisco Unified Wireless IP Phone 7925G Series ...

Page 100: ...Cisco Unified Wireless IP Phone 7925G Series Deployment Guide 100 ...

Page 101: ...edia delay packet loss packet count roaming delay roaming count will be gathered by the AP and escalated to the WLAN management system which will help maintain a database that can be used for the benefit of the stations by ensuring low packet latency and loss Check the box Metrics Collection in the global 802 11 Voice Parameters to enable Traffic Stream Metrics See the Call Admission Control Setti...

Page 102: ...ries will then be displayed Select one of the entries to display the uplink and downlink statistics Phone Logs Phone logs for troubleshooting purposes can be obtained from the Cisco Unified Wireless IP Phone 7925G Series web interface The phone logs are stored in memory only by default but can optionally enable Preserve Logs where the logs will be stored in flash Syslog can also be enabled to capt...

Page 103: ...ning roaming authentication Wireless LAN Manager WLAN Management QoS Configuration Phone configuration firmware upgrade Call Control Cisco Unified Communications Manager messaging SCCP Network Services DHCP TFTP CDP WWW Syslog Security Subsystem Application level security User Interface Keypad softkeys MMI Audio System RTP SRTP RTCP DSP ...

Page 104: ...ed Wireless IP Phone 7925 can help determine whether the radios is functional or not by displaying a number of bars for the signal indicator The number of bars equates to the signal received by the access point and will display those bars in either grey yellow or green depending on the current status Below the correlation between the color and status are defined Grey The phone is in range of some ...

Page 105: ...D and 802 11 mode Firmware Recovery If the Cisco Unified Wireless IP Phone 7925G Series does no boot properly then the firmware can be recovered via the USB connection 1 Power on the phone while holding down the application button and the speakerphone button simultaneiously and keep it helf until Starting Recovery Mode is displayed 2 A firmware check will then be performed 3 Insert the USB cable i...

Page 106: ...e phone briefly displays Restore to Default 8 Press the Yes softkey to confirm or No to cancel The phone resets after selecting Yes Capturing a Screenshot of the Phone Display The current display can be captured by browsing to http x x x x CGI Screenshot where x x x x is the IP address of the Cisco Unified Wireless IP Phone 7925G Series At the prompt enter the username and password for the account...

Page 107: ... IP Phone 7925G Series For more information refer to the Cisco Unified Wireless IP Phone 7925G Accessories Guide at this URL http www cisco com en US products hw phones ps379 products_user_guide_list html Batteries Standard and Extended Carry Cases Holster and Leather Multi Charger Lock Set USB Cable 3rd Party Accessories Carry Cases www zcover com www systemwear com Chargers www zcover com Headse...

Page 108: ...Cisco Unified Wireless IP Phone 7925G Series Deployment Guide 108 ...

Page 109: ...o Unified Communications Manager Express http www cisco com en US products ps7273 tsd_products_support_series_home html Cisco Voice Software http www cisco com kobayashi sw center sw voice shtml Cisco Localization http www cisco com kobayashi sw center telephony callmgr locale installer shtml Cisco Unified IP Phone Services Application Development Notes http www cisco com en US docs voice_ip_comm ...

Page 110: ...Cisco Unified Wireless IP Phone 7925G Series Deployment Guide 110 http www cisco com en US products hw phones ps379 products_licensing_information_listing html ...

Page 111: ... Step Follow Me Browsing FormShare GigaDrive HomeLink Internet Quotient IOS iPhone iQuick Study IronPort the IronPort logo LightStream Linksys MediaTone MeetingPlace MeetingPlace Chime Sound MGX Networkers Networking Academy Network Registrar PCNow PIX PowerPanels ProConnect ScriptShare SenderBase SMARTnet Spectrum Expert StackWise The Fastest Way to Increase Your Internet Quotient TransPath WebEx...

Reviews:

No comments

Related manuals for 7925G Series

Brand: Uniden Pages: 16

Brand: Haier Pages: 57

Brand: GAI-Tronics Pages: 32

Brand: Unify Pages: 2

Yealink SIP-T46G

Brand: Yealink Pages: 6

Brand: Yealink Pages: 176

blackview Crown

Brand: Iget Pages: 76

Brand: Sony Ericsson Pages: 74

Brand: GS-hosted Pages: 26

Brand: Tadiran Telecom Pages: 222

Brand: UniData Communication Systems Pages: 41

Brand: UTStarcom Pages: 54

Brand: Sony Ericsson Pages: 87

Brand: SoftBank Pages: 2

Brand: Yarvik Pages: 515

Brand: Crestron Pages: 422

Brand: AU Pages: 55

Brand: Samsung Pages: 184

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands