4-14
Cisco Unified Wireless IP Phone 7921G Administration Guide for Cisco Unified Communications Manager Release 7.0
OL-15985-01
Chapter 4 Using the Cisco Unified Wireless IP Phone 7921G Web Pages
Configuring Network Profiles
Configuring Wireless LAN Security
The Cisco Unified Wireless IP Phone 7921G supports many types of authentication. Authentication
methods might require a specific encryption method or you can choose between several encryption
methods. When configuring a network profile, you can choose one of these authentication methods:
•
Open—Provides access to all access points without WEP Key authentication/encryption.
•
Open plus WEP—Provides access to all access points and authentication through the use of one or
more WEP Keys at the local access point.
•
Shared Key plus WEP—Provides shared key authentication through the use of WEP Keys at the
local access point.
•
LEAP— Exchanges a username and cryptographically secure password with a RADIUS server for
authentication in the network. LEAP is a Cisco proprietary version of EAP.
•
EAP-FAST—Exchanges a username and password and with a RADIUS server for authentication in
the network.
•
EAP-TLS—Uses a dynamic session-based WEP key derived from the client adapter and RADIUS
server to encrypt data and a client certificate for authentication. It uses PKI to secure communication
to the RADIUS authentication server.
•
PEAP (EAP-MSCHAP V2)—Performs mutual authentication, but does not require a client
certificate on the phone. This method uses name and password authentication based on Microsoft
MSCHAP V2 authentication.
•
PEAP with Server Certificate Authentication—The Cisco Unified IP Phone can validate the server
certificate during the authentication handshake over an 802.11 wireless link. This functionality is
disabled by default and is enabled in Cisco Unified CallManager Administration.
•
Auto (AKM)—Automatic authenticated key management in which the phone selects the AP and
type of key management scheme, which includes WPA, WPA2, WPA-Pre-shared key,
WPA2-Pre-shared key, or CCKM (which uses a wireless domain server (WDS)).
Note
When set to AKM mode, the phone uses LEAP for 802.1x type authentication methods (non-Pre-shared
key such as WPA, WPA2, or CCKM). AKM mode supports only authenticated key-management types
(WPA, WPA2, WPA-PSK, WPA2-PSK, CCKM).
The type of authentication and encryption schemes that you are using with your WLAN determine how
you set up the authentication, security, and encryption options in the network profiles for the Cisco
Unified Wireless IP Phones.
Table 4-3
provides a list of supported authentication and encryption
schemes that you can configure on the Cisco Unified Wireless IP Phone 7921G.
Table 4-3
Authentication and Encryption Configuration Options
Authentication Mode
Wireless Encryption
Wireless Security Credentials
Open
None
None—access to all APs
Open plus WEP
Static WEP
Requires WEP Key
None—access to all APs
Shared Key plus WEP
Static WEP
Requires WEP Key
Uses shared-key with AP
LEAP (with optional CCKM)
Uses WEP
Requires Username and Password